2009 could be banner year for malware

Security experts have seen a surge in web-based attacks

Malware volumes exploded in 2008 and could herald an even worse 2009, according to security experts.

MessageLabs said in its Annual Security Report that a number of new cyber-crime trends had taken shape, among them more targeted attacks and a greater focus on web services and social networks.

Among the major trends was a surge in web-based attacks. Reports of sites being used to spread malware jumped by 83 per cent over the year, a figure largely attributed to an increase in SQL injection attacks over the summer.

Social networking sites and web-based applications were also a popular target this year. MessageLabs saw major increases in attacks as criminals adopted the use of fake profile pages or phony video sites to infect new users.

The company expects this trend to continue into 2009. "In 2008 the threats targeting social networking environments became very real," said MessageLabs chief security analyst Mark Sunner.

"The ability to adapt to new mediums, and upload enticing content as 'snake oil' to persuade an information-hungry user to activate it, is one of the cyber criminal's strongest talents, and has made them successful in transforming deception into a fully scalable business model within the underground shadow economy."

There was some good news, however, as the study found that total spam levels dropped by 3.4 per cent in 2008. Levels dropped even further when authorities shut down ISPs which had been hosting some of the major perpetrators.

MessageLabs expects 2009 to bring a higher volume of spam from web-based services as spammers focus their attention on creating new accounts through Captcha-breaking software tools.