McAfee paints grim picture for 2008

McAfee's top 10 security threats for 2008 is headed by attacks on web 2.0 sites

Smarter botnets and attacks targeting web services will be the two most serious threats facing users next year, according to McAfee.

The security firm's top 10 security threats for 2008 was headed by attacks on web 2.0 sites, followed by increasingly sophisticated botnets led by the infamous Storm infection.

Other possible threats include an increase in malware aimed at online games, a rise in Windows Vista attacks and an increased focus on virtualisation and VoIP.

Many of the threats to web 2.0 services are based on poor design. McAfee security researcher Craig Schmugar suggested that companies are not making security a top priority, likening it to early operating system software like Windows 95.

"Functionality is ahead of the security curve in the web 2.0 space," he said. "Security may not have been the top of the list as far as the feature set goes. "

Dave Marcus, security research and communications manager at McAfee, noted that the porous design of web-based services coincided with a rise in cross-site scripting vulnerabilities, which overtook buffer overflow errors last year as the most common reported vulnerability.

"It always seems to be that the buffer overflow is considered the holy grail, " he said. "But cross-site scripting is more potent and has been more valuable lately."

Second on McAfee's list was the increasing sophistication of botnets, which Schmugar and Marcus largely attributed to the hackers behind the Storm worm.

The email-borne attack hounded users and researchers throughout 2007, hiding itself in a variety of forms of spam.

McAfee claimed that the attackers found new ways to present Storm, and different ways to write the malware itself.

Schmugar explained that Storm is an example of a polymorphic worm, changing its code with each new infection to avoid detection by security software.

Unlike other polymorphic worms which change the code on infecting the end user, Storm re-writes itself on the host server.

This makes it much more difficult for researchers to obtain a sample which will allow them to see how the code changes and defend against it.

Schmugar sees this as a dangerous precedent for the way botnets are spread and operated.

"Storm is the poster child. We will see other botnet operators look to Storm and piggyback on what it's doing," he said.