McAfees Avert Labs research group on Nov. 29 released its annual report on the Top 10 security threats likely to grow in severity during the coming year, highlighting expectations for continued professionalism among malware code writers and a range of attacks on emerging technology platforms in 2007.
The trend toward malware writers and online fraudsters who bring a high level of professionalism to their work will dominate the IT threat landscape, according to Dave Marcus, security research and communications manager at McAfee Avert Labs.
Long gone are the days of script kiddies who created attacks almost purely for sport. They have been replaced by organized networks of code writers who conduct quality assurance tests on their malicious code and offer software updates to the people using their programs to steal money from businesses and end users.
As a result, the threats that Santa Clara, Calif.-based McAfee expects to arrive during 2007 will exhibit a growing sophistication in the methods they employ in attempting to hide themselves in seemingly legitimate applications, and in finding ways to garner sensitive personal and financial information, Marcus said.
Along those lines, McAfee researchers said that the volume and variety of Web sites built to steal users information, such as in phishing schemes, will continue to proliferate. Many of those sites will offer counterfeit sign-in pages designed specifically to mimic the Web interfaces used by popular sites such as eBay.
Unwanted spam e-mail continues to serve as the primary delivery method for many phishing attacks and so-called botnet programs, and the security company is expecting the quantity of the unsolicited messages to rise again over the next year, much as they have during 2006.
Another source of threats projected to increase during 2007 is the use of “potentially unwanted programs” to serve up adware onto users PCs. Those programs typically identify themselves as helpful or entertaining applications, only to serve as a backdoor for other unsolicited code, such as spyware and software used to assail computers with pop-up advertisements.
McAfee contends that the use of botnet programs by hackers to carry out other crimes will also continue to grow, as the model allows code writers to distribute their attacks over widely dispersed systems, making it harder for users to detect their presence and for law enforcement officials to track down cyber-criminals. Botnets involve programs hidden on multiple computers that are secretly used to carry out other forms of attacks.
As a result of the success the researchers expect malware writers to enjoy using all these techniques, McAfee is projecting that identity theft and personal data loss related to online crime and stolen hardware will become an even more high-profile issue among businesses, regulators and consumers over the next 12 months.
Among the newly-emerging threats identified by the researchers as growing in significance and frequency in 2007 will be attacks carried out over video-sharing sites and technologies, as malware writers try to capitalize on the rapidly increasing popularity of YouTube, MySpace and similar Web destinations, and peer-to-peer file sharing systems.
Next Page: Hackers will target music and video files.
Marcus said that hackers will specifically target music and video MPEG files as a manner for hiding their code. The researcher highlighted the recent discovery of the W32.Realor worm virus, which is hidden in multimedia files and can launch malicious Web sites on infected machines without user prompting, as the type of attack his company expects to see more often.
In a recent test of the content stored at popular file-sharing sites such as LimeWire and BitTorrent, nearly one-third of the materials had hidden Web site redirects onboard, although few of the related URLs were ultimately found to be malicious in nature, the researcher said. However, as hackers catch on to the notion of embedding attacks in multimedia files, he expects malicious activity based on the technique to take off.
“With Realor, people thought they were downloading multimedia files, but they were also having their browsers redirected to Web sites with malicious code,” Marcus said. “In this approach, malware writers are putting malicious content in place of legitimate content in a format thats very effective; its very easy to embed malware content into this type of file and people will download without ever thinking about the security risk. Combined with the popularity of peer-to-peer, instant messaging [and] other media sharing sites, theres definitely a cause for concern.”
Another emerging target for attacks are mobile devices, specifically driven by the growing adoption of smart phones, which offer more PC-like functionality and data storage capabilities that many of todays popular handhelds. As more users adopt smart phones that use the same operating system software, made by companies including Microsoft, Research In Motion and Symbian, it will make it easier for hackers to target larger groups of users with mobile malware, according to McAfee.
In terms of malware itself, Marcus said that McAfee expects parasitic attacks, or viruses that modify existing files on a disk, to begin making a comeback. While such attacks account for only 10 percent of all viruses charted today, the ability of hackers to hide the threats easily, including rootkit attacks, is expected to inspire more of the parasitic viruses.
McAfee specifically expects the number of rootkits aimed at 32-bit platforms to increase, but the company said that efforts to protect against and remediate the attacks will also ramp up significantly over the next year.
In another nod to the professionalism of attackers, McAfee researchers said they also expect to see underground markets for malicious software code and software vulnerability data continue to spread out.
Those issues, along with the distributed nature of the attackers themselves, will only make it harder for law enforcement officials to track down and prosecute individuals responsible for creating IT threats, Marcus said.
“Worldwide we dont have worm outbreaks like we saw in 2004, since the goal now for the malware code writers is making money through stolen data or adware, and we see more stealth software like rootkits and static code dropped on the machine to go about doing their tasks in secret,” he said. “Organizations like the FBI and Secret Service have been on the forefront of looking at all this as being created by professional organizations, but its a very borderless situation, which makes it that much harder to find people and prosecute them.”
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.