McAfee’s Top Ten Security Threats for 2007

Spam, particularly image spam, is on the rise. In November 2006, image spam accounted for up to 40 percent of the total spam received, compared to less than ten percent a year ago. Image spam has been significantly increasing for the last few months, and various kinds of spam, typically pump-and-dump stocks, pharmacy and degree spam, are now sent as images rather than text. Image spam is typically three times the size of text-based spam, so this represents a significant increase in the bandwidth used by spam messages.

The popularity of video on the Web will make it a target for hackers. The increasing use of video formats on social networking sites such as MySpace, YouTube and VideoCodeZone will attract malware writers seeking to easily permeate a wide network.

Unlike situations involving email attachments, most users will open media files without hesitation. Furthermore, as video is an easy-to-use format, features such as padding, pop-up ads and URL redirects become ideal tools of destruction for malware writers. In combination, these issues make malicious coders likely to achieve a high degree of effectiveness with media malware.

The W32/Realor worm, discovered in early November 2006 by McAfee Avert Labs, is a recent incident of media malware. The worm could launch malicious Web sites without user prompting, potentially exposing users to bots or password-stealers loaded onto these sites.

Other media malware such as Exploit-WinAmpPLS could silently install spyware with very little user interaction. As video-sharing networks on the Web proliferate, the potential capture of a large audience will incite malware writers to exploit these channels for monetary gain.

More mobile attacks. Mobile threats will continue to grow as platform convergence continues. The use of smartphone technology has played a pivotal role in the threat’s transition from multifunction, semi-stationary PCs to palm-sized “wearable” devices. With increased connectivity through Bluetooth, SMS, instant messaging, email, Wi-Fi, USB, audio, video and Web, there are more possibilities for cross-device contamination.

2006 saw efforts by mobile malware authors to achieve PC-to-phone and phone-to-PC infection vectors. The PC-to-phone vector was achieved with the creation of MSIL/Xrove.A, a .NET malware that can infect a smartphone via ActiveSync.

Existing phone-to-PC vectors remain primitive in nature at this time, such as infecting via removable memory cards. However, McAfee expects that this next stage will be achieved in 2007.

SMiShing, which ports the techniques of email phishing to SMS (hence SMiShing instead of phishing), is also expected to increase in prevalence.

In August 2006, McAfee Avert Labs received its first sample of a SMiShing attack with VBS/Eliles, a mass-mailing worm that also sends short message service (SMS) messages to mobile phones. By the end of September 2006, four variants of the worm had been discovered.

In addition, for-profit mobile malware is expected to increase in 2007. While most of the malware Avert Labs has run across includes relatively simple Trojan horses, the outlook has changed with the J2ME/Redbrowser Trojan.

J2ME/Redbrowser is a Trojan horse program that pretends to access Wireless Access Protocol (WAP) web pages via SMS messages. In reality, instead of retrieving WAP pages, it sends SMS messages to premium-rate numbers, thus costing the user more than intended. A second J2ME Trojan, Wesber, which appeared in late 2006, also sends out messages to a premium SMS number.