akira
14-03-2008, 05:36 PM
<div align="center">2008 security predictions roll in
</div>
Available online 14 December 2007.
A rise in VoIP attacks and the resurgence of parasitic malwarenext term are among predictions from security vendors for next year. McAfee and Messagelabs both made predictions for the coming twelve months based on emerging trends in 2007.
VoIP will be a major attack vector, with the number of attacks rising by 50% in 2008, according to David Marcus, security research manager at McAfee Avert Labs. The firm says that more than double the number of VoIP-related vulerabilities have been reported in 2007 compared to last year. Stealing of IP telephony service using the VoIP equivalent of phreaking will be a more common occurrence, he says. Analyst predictions back up this prediction: IDC Canada suggests that 31% of companies in that country were engaged in or had completed a VoIP deployment. 35% of companies were piloting or considering the technology.
Another significant trend would see the re-emergence of parasitic malware as a infection technique. “These are the traditional file infectors – those that would copy themselves into a file,” said Marcus, who said that such files currently represent less than 10% of malware, but that the company has seen a strong resurgence in the category. However, the firm said almost exactly the same thing last year, when parasitic malware was again pegged at under 10% of total malware.
Like most malware today, parasitic programs are used for commercial criminal ends, and their strong tendency toward polymorphism can make them difficult to detect and clean – especially when embedded in media files designed to deliver executable data to the player.
“You have to clean them specifically and carefully, because you want to clean the file of the malware and leave it in its good state,” adds Marcus, who expects the category to grow by 20% overall in 2008.
Other predictions from McAfee included a continued surge in attacks on Web 2.0-type applications, already seen in part this year, and the increased targeting of Vista as the operating system gains traction. Thanks to Storm, which Marcus believes breathed new life into the bot net concept, bot net herders will continue to innovate their techniques and grow their networks of infected machines. IM-based attacks will increase, although the company is coy about predicting a long-feared IM worm that requires no human interaction and which could spread very quickly across the globe.
Next year, MessageLabs predicts a growth in IM-based spamming that had failed to materialise in 2007, and also suggests that both general IT attacks and spam will continue to become more targeted over the next 12 months.
Other growth areas in security for 2008 will include threats related to online gaming, as the economies that these virtual worlds have generated grow in significance. Virtualisation will inevitably become a focal point of security research among both the black hat and white hat communities.
Although phishing activity will continue, its characteristics will alter slightly. Faced with increasing customer education about threats surrounding well-known sites, phishers will gravitate instead to lesser-known brands as phishing targets, hoping to snag more prey and capitalise on passwords used by individuals across multiple sites.
In fact the only attack vector predicted to decline in 2008 will be adware, which has been hit hard by government crackdowns, says McAfee. The use of adware was already declining in 2007, and next year will see more of the same, it says. However, it's worth pointing out that at the end of last year, the firm predicted a surge in adware in 2007.
**Hidden Content: Check the thread to see hidden data.**
</div>
Available online 14 December 2007.
A rise in VoIP attacks and the resurgence of parasitic malwarenext term are among predictions from security vendors for next year. McAfee and Messagelabs both made predictions for the coming twelve months based on emerging trends in 2007.
VoIP will be a major attack vector, with the number of attacks rising by 50% in 2008, according to David Marcus, security research manager at McAfee Avert Labs. The firm says that more than double the number of VoIP-related vulerabilities have been reported in 2007 compared to last year. Stealing of IP telephony service using the VoIP equivalent of phreaking will be a more common occurrence, he says. Analyst predictions back up this prediction: IDC Canada suggests that 31% of companies in that country were engaged in or had completed a VoIP deployment. 35% of companies were piloting or considering the technology.
Another significant trend would see the re-emergence of parasitic malware as a infection technique. “These are the traditional file infectors – those that would copy themselves into a file,” said Marcus, who said that such files currently represent less than 10% of malware, but that the company has seen a strong resurgence in the category. However, the firm said almost exactly the same thing last year, when parasitic malware was again pegged at under 10% of total malware.
Like most malware today, parasitic programs are used for commercial criminal ends, and their strong tendency toward polymorphism can make them difficult to detect and clean – especially when embedded in media files designed to deliver executable data to the player.
“You have to clean them specifically and carefully, because you want to clean the file of the malware and leave it in its good state,” adds Marcus, who expects the category to grow by 20% overall in 2008.
Other predictions from McAfee included a continued surge in attacks on Web 2.0-type applications, already seen in part this year, and the increased targeting of Vista as the operating system gains traction. Thanks to Storm, which Marcus believes breathed new life into the bot net concept, bot net herders will continue to innovate their techniques and grow their networks of infected machines. IM-based attacks will increase, although the company is coy about predicting a long-feared IM worm that requires no human interaction and which could spread very quickly across the globe.
Next year, MessageLabs predicts a growth in IM-based spamming that had failed to materialise in 2007, and also suggests that both general IT attacks and spam will continue to become more targeted over the next 12 months.
Other growth areas in security for 2008 will include threats related to online gaming, as the economies that these virtual worlds have generated grow in significance. Virtualisation will inevitably become a focal point of security research among both the black hat and white hat communities.
Although phishing activity will continue, its characteristics will alter slightly. Faced with increasing customer education about threats surrounding well-known sites, phishers will gravitate instead to lesser-known brands as phishing targets, hoping to snag more prey and capitalise on passwords used by individuals across multiple sites.
In fact the only attack vector predicted to decline in 2008 will be adware, which has been hit hard by government crackdowns, says McAfee. The use of adware was already declining in 2007, and next year will see more of the same, it says. However, it's worth pointing out that at the end of last year, the firm predicted a surge in adware in 2007.
**Hidden Content: Check the thread to see hidden data.**