Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

New Threats Loom for 2007

Password-stealing sites, video malware, and a parasitic comeback top McAfee's list of predicted threats for new year

Attackers are preparing a new array of exploits and vulnerabilities for next year, security researchers say.

McAfee Avert Labs, the research arm of the popular antivirus vendor, yesterday unveiled its predictions for 2007, based on its analysis of more than 217,000 threats collected to date.

At its current rate of growth, the threat base will grow to 300,000 by the end of next year, the company says. "It is clear that malware is being released by professional and organized criminals," the company said in a statement.

While much of the growth will come from permutations of known bugs, there also are some new threats in the works, McAfee Avert Labs says.

"The increasing use of video formats on social networking sites such as MySpace, YouTube, and VideoCodeZone will attract malware writers seeking to easily permeate a wide network," says David Marcus, security research and communications manager at McAfee Avert Labs. As a result, users can expect to see many more attacks on MPEG and other video or multimedia files, he says.

Similarly, the emergence of smarter, better-connected mobile devices and services will make wireless systems a juicy target in 2007. PC-to-phone and phone-to-PC infections, which first emerged in 2006, will increase in 2007, McAfee Avert Labs predicts. SMiShing, in which phishers insert email-like exploits inside SMS messages, is also expected to increase.

Parasites -- viruses that modify existing files on a disk -- are also making a comeback, McAfee Avert Labs says. The company has seen several instances in which malware injects malicious code into the file where it resides. When the user runs the infected file, the virus runs, too. While this approach was popular in the early days of viruses, parasitic infectors currently make up less than 10 percent of all malware, McAfee Avert Labs says. That figure could grow significantly in 2007.

While the new attack vectors are worth watching, attackers will increase their exploits using well-known methods also, according to the researchers. Password-stealing Websites, which mimic the login pages of popular Websites such as eBay, will continue to be a popular mode of attack in 2007, Marcus says. Spam, adware, and botnets will also grow in the coming year, he predicts.

Users' greater reliance on computers and online services means that there is "a huge potential for monetary gains by malware writers," says Jeff Green, senior vice president at McAfee Avert Labs. "As we see sophisticated techniques on the rise, it's becoming increasingly hard for the general user base to identify or avoid malware infections."

The full list of McAfee Avert Labs' predictions for 2007 can be found here.

— Tim Wilson, Site Editor, Dark Reading

  • McAfee Inc. (NYSE: MFE)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Zero-Factor Authentication: Owning Our Data
    Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
    44% of Security Threats Start in the Cloud
    Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
    Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
    Robert Lemos, Contributing Writer,  2/20/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    How Enterprises Are Developing and Maintaining Secure Applications
    How Enterprises Are Developing and Maintaining Secure Applications
    The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-9342
    PUBLISHED: 2020-02-22
    The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
    CVE-2020-9338
    PUBLISHED: 2020-02-22
    SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
    CVE-2020-9339
    PUBLISHED: 2020-02-22
    SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
    CVE-2020-9340
    PUBLISHED: 2020-02-22
    fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
    CVE-2020-9341
    PUBLISHED: 2020-02-22
    CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.