Malware Doubled In 2007; Next Year Isn't Looking Better - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
News
12/5/2007
06:13 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Malware Doubled In 2007; Next Year Isn't Looking Better

Analysts with F-Secure and Websense predict an explosive growth of malware, bot attacks, QuickTime exploits, and viruses that target the iPhone.

At the start of 2007, computer security firm F-Secure had about 250,000 malware signatures in its database, the result of almost 20 years of antivirus research. Now, near the end of 2007, the company has about 500,000 malware signatures.

"We added as many detections this year as for the previous 20 years combined," said Patrik Runald, security response manager at F-Secure.

F-Secure's report on 2007 threats isn't a pretty picture. Beyond the explosive growth of malware, the year also saw the emergence of the Storm worm, a catch-all term for a series of related backdoor Trojans and e-mail worms that have been distributed to create a massive peer-to-peer botnet.

Shortly, F-secure expects the gang behind the Storm worm to open its botnet for business, renting access to other cyber criminals.

The F-Secure report also notes that Trojans that steal online bank login information and Trojans that steal passwords from online games became more popular in 2007 and will likely continue to do so in 2008. Runald notes that F-Secure is detecting 10 to 40 new variants of banking Trojans every day.

Apple products came under increasing attack in 2007. "We're seeing a lot more activity on Macs," said Runald, noting QuickTime exploits became more prevalent. "QuickTime is now installed in so many PCs, thanks to iTunes, that it has become a target."

F-Secure's report notes that rising Mac market share and Safari's availability for Windows and the iPhone have also encouraged cyber criminals, like those responsible for Zlob spyware, to try to exploit vulnerabilities in Apple software and hardware.

Data base breaches were big in 2007, with ongoing revelations about the scope of the TJX breach, the U.K. government's loss of some 25 million records about its citizens, and a spear phishing attack that netted a list of Saleforce.com customers.

"Personal information available for exploit is everywhere," says F-Secure's report. "With the popularity of social networking sites it's ever more readily available to the bad guys. We'll see more bulk targeted attacks via spam as database leaks are used to enhance social engineering during 2008."

Outlook For 2008: Steganography And Vishing

The company is also predicting more mobile-oriented exploits and Web application exploits in the year to come.

"We're going to see more, better, stronger, faster attacks," said Runald.

Websense, another computer security firm, offers a similar view of 2008 in a report it issued on Wednesday.

Dan Hubbard, VP of security research at Websense, predicted a surge in attacks that attempt to exploit interest in the upcoming 2008 Olympic Games in Beijing, China. "It's just timely," he said. "It's global, and there's a big group to go after."

Hubbard expects spam directed at forums and blogs to grow, in part because e-mail spam protections have become more effective. By posting the URLs of malicious sites on popular blogs and forums, spammers hope to make their sites appear more prominent in search results lists.

Websense anticipates that attackers will look increasingly to exploit weaknesses in the interconnected nature of Web sites today, which often include data from ad services, widget providers, and other third-party sources. In fact, the company predicts that the number of exploited sites will surpass the number of sites created specifically to spread malware in 2008.

"Compromising sites -- particularly, sites well-visited by end-users, such as the Dolphin Stadium attack that occurred a few days prior to the 2007 Super Bowl XLI in Miami -- provides attackers with built-in Web traffic and minimizes the need for lures through email, instant messaging or Web posts," the Websense report says.

Websense foresees more Mac and iPhone attacks. And it anticipates more polymorphic JavaScript attacks -- malicious sites that serve uniquely coded attacks to each visitor as a way to defeat signature-based security.

As for data breaches, Websense expects cyber criminals to explore ways of disguising data, such as the use of steganography (hiding data in an image file), to sneak stolen information through guarded corporate firewalls.

Finally, Websense forecasts a rise in voice message spam and "vishing," which is phishing using automated voice calls in an attempt to prompt users to enter personal information through their mobile phones.

Hubbard expects some good news: He believes that one of the five or six major cyber crime groups will be shut down by law enforcement authorities. "We really think because they're so out in the open... there's going to be a big crackdown," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Slideshows
Flash Poll