McAfee predicts 2008's worst security threats

McAfee predicts 2008's worst security threats


Social sites likely to be big targets for cyber criminals

McAfee has forecast that nine security threats will increase in 2008, while it expects ad-serving software known as adware to decrease.

The forecasts are based on the development of attacks seen in the firm's own lab. Greg Day, McAfee security analyst, said that Web 2.0 sites would increasingly be used by cyber criminals to distribute malware or steal volumes of data. Web 2.0 sites offering everything from consumer social networking to business relationship management could prove an easy form of attack, being “the internet version of a shopping mall or crowded city,” Day said.

The Storm Worm, also known as Nuwar, set a precedent in how botnets are likely to develop, said McAfee. Storm Worm’s creators “released thousands of variants and changed coding techniques, infection methods and social engineering schemes far more than any other threat in history” and “created the largest peer-to-peer botnet ever” said the report.

“In the old days bots were made to be indiscoverable and we worked to discover them, but now the trend is having more generals to command the trend,” Day added.

Attackers are also likely to focus on instant messaging, according to the security vendor. A threat spreads fast through instant messaging because attackers have a pre-existing list of targets in the address book and can automate the “flash” worm so a carrier does not know it is infected, said Day. In 2007 there have been 10 high-severity instant messaging risks, compared to none in 2006, according to McAfee.

Online gaming will be another common target for attacks as virtual objects in games gain in value, the firm predicts. “The number of password-stealing Trojans that targeted online games in 2007 grew faster than the number of Trojans that target banks,” reported the firm.

This is supported by news of the first European being arrested for stealing virtual objects—a Dutch 17-year-old who stole virtual property from the 3D cartoon world Habbo Hotel.

Criminals go after common environments and because adoption figures for Vista are on the increase, the Microsoft operating system will also make a heavy investment for attacks, said Day. Similarly, as virtualisation transforms information security “malware authors will begin looking at ways to circumvent the new defensive technology, continuing the classic game of cat and mouse,” said the report.

The seventh prediction McAfee makes is that phishers will shift focus to small, un-prepared transaction sites, rather than maintaining target on banking sites. Banks have been offering free anti virus protection to customers, creating more advanced password techniques and generally increasing their layers of protection, said Day. Therefore “smaller e-commerce sites will be the new target”, added Day.

Parasitic malware is a threat the firm expects to grow by 20 percent in 2008. Parasitic infectors are viruses that modify existing files on disk. “It is a technology that is old but has come back in recent years,” as seen with threats such as Grum, Virut and Almanahe, said Day.

The last type of threat predicted by McAfee to increase is caused by VoIP attacks. The threat is estimated to rise by 50 percent. “It is clear that VoIP threats have arrived and there’s no sign of a slow down,” said the report. “The technology is still new and defence strategies are lagging,” the report added.

The decline in adware that started in 2006 because of the government crackdown bringing a positive effect is expected to continue, said the firm.