03:07 PM
Connect Directly

McAfee Sees Cybercriminals Targeting Web 2.0, Windows Vista, And Online Games

McAfee also is predicting a 50% increase in VoIP attacks in 2008, compared to this year.

Threats to Web 2.0 sites, Windows Vista, and online games are expected to increase in 2008, along with attacks on IM, virtualization, and VoIP software, according to security firm McAfee.

In a conference call for the media, McAfee previewed its list of the top ten threats for 2008, which the company plans to release on Friday.

Dave Marcus, security research and communications manager at McAfee Avert Labs, and Craig Schmugar, threat research manager, had only one bit of good news: adware is in decline.

Citing successful regulatory action by the FTC, specifically its case against adware distributor Direct Revenue, Schmugar noted that adware peaked earlier this year and has been in decline since then.

"We expect that trend to continue," said Schmugar. "Advertisers don't like the association with adware. It leaves a bad taste in people's mouth."

While the FTC's actions may have helped push shady adware companies toward legitimacy or out of the business, serious cybercriminals have not been deterred.

Pointing to compromises and malware at,, and, Schmugar likened Web 2.0 sites to the early days of Windows 95, when the focus was on a new way of doing things rather than on security.

Marcus suggested that sites like MySpace have become victims of their own success, having grown large enough to justify targeting by malware authors.

This logic also underlies McAfee's prediction that Windows Vista will face more attacks in the coming year. With only about a 10% installed base to date, Schmugar predicted Vista would get more attention from cybercriminals as it gets more attention from consumers and businesses. Nineteen vulnerabilities have been reported in Vista since its release earlier this year and McAfee expects more will be reported next year.

Online gaming is another area where McAfee foresees a rising number of attacks. The reason is that cybercriminals follow the money. There are millions of online gamers who pay a lot to play games, and many online gamers buy virtual items. "There's money in it," explained Schmugar. "Virtual objects are worth money. People sell virtual accounts. And it's lower risk than targeting a bank."

McAfee expects botnets, particularly the Storm botnet, to continue spreading malware and that this will lead to more compromised PCs (and more malware). The Storm botnet has proven to be singularly successful, growing in size even as other botnets decline, due to sophisticated coding techniques that allow it to communicate over encrypted channels and to change its method of attack over time.

Efforts by top finance and technology brands to combat phishing are expected to lead to more phishing targeting regional banks and non-financial sites, such as MySpace, said Schmugar. The reason is that people tend to use the same user ID and password information across multiple sites and cybercriminals see lower profile targets presenting lower risk.

Schmugar also predicted that parasitic crimeware would increase by 20% next year. 2007 saw several notable examples: Almanahe, Grum, and Virut. A parasitic virus called Fujack has spawned some 400 variants while parasitic virus called Philis, first spotted in 2004, has seen a resurgence.

Parasitic crimeware writes data into existing files rather than installing separate files. This makes it potentially more difficult to remove, if the malware author chose to overwrite necessary code. While this is an old technique, Schmugar noted that it hasn't been used much recently and that as a consequence, many of the newer anti-virus programs aren't adept at dealing with this tactic.

McAfee is predicting a 50% increase in VoIP attacks in 2008, compared to this year, which has already seen twice as many VoIP attacks as there were in 2006. And the company expects hackers to turn their attention to virtualization software because IT security professionals are looking to virtualization for defense.

Comment  | 
Print  | 
More Insights
2014 Next-Gen WAN Survey
2014 Next-Gen WAN Survey
While 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest August 03, 2015
The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.