Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

New Threats Loom for 2007

Password-stealing sites, video malware, and a parasitic comeback top McAfee's list of predicted threats for new year

Attackers are preparing a new array of exploits and vulnerabilities for next year, security researchers say.

McAfee Avert Labs, the research arm of the popular antivirus vendor, yesterday unveiled its predictions for 2007, based on its analysis of more than 217,000 threats collected to date.

At its current rate of growth, the threat base will grow to 300,000 by the end of next year, the company says. "It is clear that malware is being released by professional and organized criminals," the company said in a statement.

While much of the growth will come from permutations of known bugs, there also are some new threats in the works, McAfee Avert Labs says.

"The increasing use of video formats on social networking sites such as MySpace, YouTube, and VideoCodeZone will attract malware writers seeking to easily permeate a wide network," says David Marcus, security research and communications manager at McAfee Avert Labs. As a result, users can expect to see many more attacks on MPEG and other video or multimedia files, he says.

Similarly, the emergence of smarter, better-connected mobile devices and services will make wireless systems a juicy target in 2007. PC-to-phone and phone-to-PC infections, which first emerged in 2006, will increase in 2007, McAfee Avert Labs predicts. SMiShing, in which phishers insert email-like exploits inside SMS messages, is also expected to increase.

Parasites -- viruses that modify existing files on a disk -- are also making a comeback, McAfee Avert Labs says. The company has seen several instances in which malware injects malicious code into the file where it resides. When the user runs the infected file, the virus runs, too. While this approach was popular in the early days of viruses, parasitic infectors currently make up less than 10 percent of all malware, McAfee Avert Labs says. That figure could grow significantly in 2007.

While the new attack vectors are worth watching, attackers will increase their exploits using well-known methods also, according to the researchers. Password-stealing Websites, which mimic the login pages of popular Websites such as eBay, will continue to be a popular mode of attack in 2007, Marcus says. Spam, adware, and botnets will also grow in the coming year, he predicts.

Users' greater reliance on computers and online services means that there is "a huge potential for monetary gains by malware writers," says Jeff Green, senior vice president at McAfee Avert Labs. "As we see sophisticated techniques on the rise, it's becoming increasingly hard for the general user base to identify or avoid malware infections."

The full list of McAfee Avert Labs' predictions for 2007 can be found here.

— Tim Wilson, Site Editor, Dark Reading

  • McAfee Inc. (NYSE: MFE)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    NSA Appoints Rob Joyce as Cyber Director
    Dark Reading Staff 1/15/2021
    Vulnerability Management Has a Data Problem
    Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This is not what I meant by "I would like to share some desk space"
    Current Issue
    2020: The Year in Security
    Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
    Flash Poll
    Assessing Cybersecurity Risk in Today's Enterprises
    Assessing Cybersecurity Risk in Today's Enterprises
    COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-3686
    PUBLISHED: 2021-01-21
    Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobi...
    CVE-2020-3687
    PUBLISHED: 2021-01-21
    Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue in XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    CVE-2020-3691
    PUBLISHED: 2021-01-21
    Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We...
    CVE-2020-11167
    PUBLISHED: 2021-01-21
    Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...
    CVE-2020-11179
    PUBLISHED: 2021-01-21
    Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon ...