Online criminals will continue to expand their arsenal of malware tools in 2007 to include emerging media such as video files and mobile phones, security firm McAfee predicted.
The malware phenomenon is fuelled by a growing online market for identity theft, spam and adware. This is prompting criminals to more closely mimic the processes that have been adopted by legitimate software developers such testing and quality assurance procedures, the security vendor observed.
"The goal now is making money through data theft or adware. They write them for different reasons, to make money off it," said David Marcus, McAfee's security research and communications manager.
Online criminals will develop malware for any application that attracts large numbers of consumers and, as a result, are likely to start creating movie Trojans. When a user opens such a file in their media player, the software will automatically start downloading and installing malware or adware. A first example of such an online threat was detected earlier this month in the Realor worm that targets the Real Player.
Mobile phones too are expected to receive increased scrutiny from criminals. As the Symbian operating system is becoming the de facto standard for consumer smartphones and is reaching critical mass, the software becomes an attractive target for malware authors. Also, smartphones are starting more closely to resemble computers and consumers are getting used to installing and running software on the devices.
Microsoft's Windows Vista operating system is notably absent from McAfee's list of security predictions for 2007. The software offers several technologies that prevent attacts that are common today. However, Marcus expects that it will take malware authors about nine months before they figure out ways to compromise the software's defences.
Despite the onslaught of new security vulnerabilities, Marcus remained optimistic about the overall state of computer security, pointing to advances in security software.
"It's not doomsday. The bad guys always do their best, but the [security] industry is also maturing," Marcus said.
McAfee's complete list of predictions for next year:
- The number of password-stealing websites will increase using fake sign-in pages for popular online services such as eBay.
- The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
- The popularity of video sharing on the web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
- Mobile phone attacks will become more prevalent as mobile devices become 'smarter' and more connected.
- Adware will go mainstream following the increase in commercial Potentially Unwanted Programs.
- Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems.
- The use of bots, computer programs that perform automated tasks, will increase as a tool favoured by hackers.
- Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.
- The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well.
- Vulnerabilities will continue to cause concern fuelled by the underground market for vulnerabilities..
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold