McAfee’s Top Ten Security Threats for 2007

On Thursday McAfee’s Avert Labs announced its Top 10 predictions for security threats in 2007 and the overarching theme is mass-mailing worms are a thing of the past as professionalism takes over the ranks of malware writers.

“They understand that noise is bad for business,” said David Marcus, McAfee’s Security Research and Communications manager. “They understand, ‘If I can make my bot quieter or make my adware quieter it’s going to live longer’.”

More Security Articles on CIO Update

Zombies Control Half of Windows PCs

Cyber Extortion Getting Renewed Interest from Criminals

Spam Is Back With a Vengeance

Cyber-Defenses Never Enough

FREE Tech Newsletters

McAfee Avert Labs’ Top 10 security threats for 2007 are as follows with the ones corporations need to pay particular attention to at or near the top:

  • The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
  • The use of bots, computer programs that perform automated tasks, will increase as a tool favored by hackers.
  • The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well.
  • Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.
  • The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay.
  • The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
  • Mobile phone attacks will become more prevalent as mobile devices become “smarter” and more connected.
  • Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs).
  • Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems.
  • Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities.

    “I guess the ones that would concern me probably for the enterprise would definitely be the continuing issues of spam—that’s always huge enterprise problem,” said Marcus. “The bot issue is definitely something that corporations and enterprises should definitely be aware, especially considering how much more cleaver bot-writers tend to be than most mal-writers.”

    McAfee researchers are seeing evidence of the rise of professional and organized crime in malware creation, whereby development teams are creating malicious software, testing it and automating its production and release.

    Sophisticated techniques such as polymorphism, the recurrence of parasitic infectors, rootkits, and automated systems with cycling encryption releasing new builds are becoming more prevalent.

    Furthermore, threats are being packed or encrypted to disguise their malicious purpose on a more rapid and complex scale.

    In July 2006, McAfee announced that it officially released protection for the 200,000th threat in its database. Since January 1, 2006, McAfee has added approximately 50,000 new threats to its database and is on track to exceed 225,000 new threats by the end of the year.

    Given current trends, McAfee expects the 300,000th threat to be identified by the end of 2007, demonstrating its growth potential.

    A Little More on Each

    Password-stealing Web sites are on the rise. More attacks that attempt to capture a user’s ID and password by displaying a fake sign-in page, and increased targeting of popular online services such as eBay, will become more evident in 2007.

    As evidenced by the phishing attacks that followed Hurricane Katrina, McAfee Avert Labs also expects more attacks that take advantage of people’s willingness to help others in need. In contrast, the number of attacks on ISPs are expected to decline while those aimed at the financial sector will remain steady.