Password Theft, Video Files Top List of Security Threats

McAfee researchers predict that password theft, malware delivered via video-sharing technologies and attacks aimed at mobile devices will be among the most significant problems tackled by IT administrators over the next 12 months.

McAfees Avert Labs research group on Nov. 29 released its annual report on the Top 10 security threats likely to grow in severity during the coming year, highlighting expectations for continued professionalism among malware code writers and a range of attacks on emerging technology platforms in 2007.

The trend toward malware writers and online fraudsters who bring a high level of professionalism to their work will dominate the IT threat landscape, according to Dave Marcus, security research and communications manager at McAfee Avert Labs.

Long gone are the days of script kiddies who created attacks almost purely for sport. They have been replaced by organized networks of code writers who conduct quality assurance tests on their malicious code and offer software updates to the people using their programs to steal money from businesses and end users.

As a result, the threats that Santa Clara, Calif.-based McAfee expects to arrive during 2007 will exhibit a growing sophistication in the methods they employ in attempting to hide themselves in seemingly legitimate applications, and in finding ways to garner sensitive personal and financial information, Marcus said.

Along those lines, McAfee researchers said that the volume and variety of Web sites built to steal users information, such as in phishing schemes, will continue to proliferate. Many of those sites will offer counterfeit sign-in pages designed specifically to mimic the Web interfaces used by popular sites such as eBay.

/zimages/1/28571.gifClick here to read more about how phishers are turning their attention from banks to wealthier individuals, with increasing success.

Unwanted spam e-mail continues to serve as the primary delivery method for many phishing attacks and so-called botnet programs, and the security company is expecting the quantity of the unsolicited messages to rise again over the next year, much as they have during 2006.

Another source of threats projected to increase during 2007 is the use of "potentially unwanted programs" to serve up adware onto users PCs. Those programs typically identify themselves as helpful or entertaining applications, only to serve as a backdoor for other unsolicited code, such as spyware and software used to assail computers with pop-up advertisements.

McAfee contends that the use of botnet programs by hackers to carry out other crimes will also continue to grow, as the model allows code writers to distribute their attacks over widely dispersed systems, making it harder for users to detect their presence and for law enforcement officials to track down cyber-criminals. Botnets involve programs hidden on multiple computers that are secretly used to carry out other forms of attacks.

/zimages/1/28571.gifThe recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a 70,000-strong botnet powered by hijacked computers in more than 160 countries. Click here to read more.

As a result of the success the researchers expect malware writers to enjoy using all these techniques, McAfee is projecting that identity theft and personal data loss related to online crime and stolen hardware will become an even more high-profile issue among businesses, regulators and consumers over the next 12 months.

Among the newly-emerging threats identified by the researchers as growing in significance and frequency in 2007 will be attacks carried out over video-sharing sites and technologies, as malware writers try to capitalize on the rapidly increasing popularity of YouTube, MySpace and similar Web destinations, and peer-to-peer file sharing systems.

Next Page: Hackers will target music and video files.