| Filename | Top Computer Threats |
| Permission | Freeware |
| Author | D-38 |
| Category | INFORMATION |
Top Computer Threats
1. Number of password-stealing Web sites will increase using fake sign-in pages for popular online services
Attacks that attempt to capture a user's ID and password by displaying a fake sign-in page, along with increased targeting of popular online services, will become more evident in 2007. As evidenced by the phishing attacks that followed natural calamities last year, McAfee Avert Labs also expects more attacks that take advantage of people's willingness to help others in need.
2. Volume of spam, particularly bandwidth-eating image spam, will rise
In November 2006, image spam accounted for up to 40 per cent of the total spam received, compared to less than 10 per cent a year ago. Image spam has been significantly increasing for the last few months and various kinds of spam, typically pump-and-dump stocks, pharmacy and degree spam, are now sent as images rather than text.
Image spam is typically three times the size of text-based spam, so this represents a significant increase in the bandwidth used by spam messages.
3. Popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files
The W32/Realor worm, discovered in early November 2006 by McAfee, is a recent incident of media malware. The worm could launch malicious Web sites without user prompting, potentially exposing users to bots or password-stealers loaded onto these sites. Other media malware such as Exploit-WinAmpPLS could silently install spyware with very little user interaction.
4. Mobile phone attacks will become more prevalent as mobile devices become smarter
Mobile threats will continue to grow as platform convergence continues. The use of smartphone technology has played a pivotal role in the threat's transition from multifunction, semi-stationary PCs to palm-sized 'wearable' devices. With increased connectivity through Bluetooth, SMS, instant messaging, email, WiFi, USB, audio, video and Web, there are more possibilities for cross-device contamination.
5. Adware will go mainstream
In 2006, McAfee saw an increase in commercial Potentially Unwanted Programmes (PUPs), and an even larger increase in related types of malicious Trojans, particularly keyloggers, password-stealers, bots and backdoors. In addition, misuse of commercial software by malware with remotely controlled deployment of adware, keyloggers and remote control software is on the rise.
6. Identity theft and data loss will continue to be a public issue
According to the US Federal Trade Commission, about 10 million Americans are victims of identity fraud each year. At the root of these crimes is often computer theft, loss of backups or compromised information systems. While McAfee expects the number of victims to remain relatively stable, company disclosures of lost or stolen data, increasing incidents of cyberthefts and hacking into retailer, processor and ATM systems, and reports of stolen laptops that contain confidential data will continue to keep this a topic of public concern.
7. The use of bots will increase as a tool favoured by hackers
Bots -- computer programmes that perform automated tasks -- are on the rise, but will move away from Internet Relay Chat (IRC)-based communication mechanisms and towards less obtrusive ones. In the last few years, there has been increasing interest within the virus-writing community in IRC threats. This was due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure.
'Mules' will also continue to be an important aspect in bot-related money making schemes. These are work-at-home type jobs which are offered through very professional-looking Web sites, through classified ads, and even through instant messaging (IM). These are a crucial part of the reason so many bots are able to be run from places around the globe. In order to get merchandise (often to resell) or cash with stolen credit card credentials, the thieves have to go through more strict regulations if the goods are going to another country. To get around these regulations, they use mules within those originating countries.
8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback
Even though parasitic malware accounts for less than 10 per cent of all malware (90 per cent of malware is static), it seems to be making a comeback.
Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. When the user runs the infected file, the virus runs too. W32/Bacalid, W32/Polip and W32/Detnat are three popular polymorphic parasitic file infectors identified in 2006 that have stealth capabilities and attempt to download Trojans from compromised Web sites.
Also important to note is that 80 per cent of all malware is packed, encrypted, or obfuscated, in some attempt to disguise its malicious purpose. Examples of parasitic infectors that are obfuscated include W32/Bacalid and W32/Polip.
9. The number of rootkits on 32-bit platforms will increase
Rootkits will increase on 32-bit platforms -- but protection and remediation capabilities will increase as well. On 64-bit platforms, particularly Vista, malware trends are difficult to predict pending uptake rates for the 64-bit platform, but in general McAfee expects:
A reduction in kernel-mode rootkits, at least in the short-term, while malware authors invent new techniques designed to subvert PatchGuard.
10. Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities
The number of disclosed vulnerabilities is expected to rise in 2007. Thus far in 2006, Microsoft has announced 140 vulnerabilities through its monthly patch programme. McAfee expects this number to grow due to the increased use of fuzzers, which allow for large scale testing of applications, and due to the bounty programme that rewards researchers for finding vulnerabilities. This year, Microsoft has already patched more critical vulnerabilities than in 2004 and 2005 combined. By September 2006, the combined 2004 and 2005 total of 62 critical vulnerabilities had already been surpassed.