New Threats Loom for 2007Password-stealing sites, video malware, and a parasitic comeback top McAfee's list of predicted threats for new year
Attackers are preparing a new array of exploits and vulnerabilities for next year, security researchers say.
McAfee Avert Labs, the research arm of the popular antivirus vendor, yesterday unveiled its predictions for 2007, based on its analysis of more than 217,000 threats collected to date.
At its current rate of growth, the threat base will grow to 300,000 by the end of next year, the company says. "It is clear that malware is being released by professional and organized criminals," the company said in a statement.
While much of the growth will come from permutations of known bugs, there also are some new threats in the works, McAfee Avert Labs says.
"The increasing use of video formats on social networking sites such as MySpace, YouTube, and VideoCodeZone will attract malware writers seeking to easily permeate a wide network," says David Marcus, security research and communications manager at McAfee Avert Labs. As a result, users can expect to see many more attacks on MPEG and other video or multimedia files, he says.
Similarly, the emergence of smarter, better-connected mobile devices and services will make wireless systems a juicy target in 2007. PC-to-phone and phone-to-PC infections, which first emerged in 2006, will increase in 2007, McAfee Avert Labs predicts. SMiShing, in which phishers insert email-like exploits inside SMS messages, is also expected to increase.
Parasites -- viruses that modify existing files on a disk -- are also making a comeback, McAfee Avert Labs says. The company has seen several instances in which malware injects malicious code into the file where it resides. When the user runs the infected file, the virus runs, too. While this approach was popular in the early days of viruses, parasitic infectors currently make up less than 10 percent of all malware, McAfee Avert Labs says. That figure could grow significantly in 2007.
While the new attack vectors are worth watching, attackers will increase their exploits using well-known methods also, according to the researchers. Password-stealing Websites, which mimic the login pages of popular Websites such as eBay, will continue to be a popular mode of attack in 2007, Marcus says. Spam, adware, and botnets will also grow in the coming year, he predicts.
Users' greater reliance on computers and online services means that there is "a huge potential for monetary gains by malware writers," says Jeff Green, senior vice president at McAfee Avert Labs. "As we see sophisticated techniques on the rise, it's becoming increasingly hard for the general user base to identify or avoid malware infections."
The full list of McAfee Avert Labs' predictions for 2007 can be found here.
Tim Wilson, Site Editor, Dark Reading
McAfee Inc. (NYSE: MFE)
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio