Security Warning 2008: Top 11 Malware Threats To Watch Out For
Here's a heads-up on the evolving security threats we can expect to see in the coming year, including emerging menaces such as badvertising, adsploits, anti-social networking, lieware, and whaling
By the end of 2008, McAfee Avert Labs predicts it will have identified some 550,000 malicious programs, a 54% increase from 2007. With all the new malware emerging, we can expect new terminology to describe these constantly morphing threats. Here, then, is our only slightly tongue-in-check attempt to predict some of the rising threats in 2008 and the language that may be employed to describe those threats.
With 38,500 mentions in Google, "badvertising" already has more of a following than a word like "malcode." The phenomenon it describes, advertising with malice, has been around for several years at least. To date, it has been enough to refer to criminal advertising using terms like "spam," "adware," and "spyware."
The trouble with these terns is that they can be used to refer to legal software or activities. Spam, of course, is permitted under the CAN SPAM Act of 2003. Adware and spyware, meanwhile, can perform their functions legally with user notice and consent (at least until the notice and consent is successfully challenged in court as inadequate).
While "crimeware" is becoming a popular term in lieu of the more fuzzily defined "spyware," "badversting" has an appealing specificity. "Crimeware" after all could refer not just to software but to hardware, like an ice pick. What "badvertising" recognizes is that not all advertising is good.
In 2008, we'll need the word because online advertising will become a major security problem. Indeed it is already: about 80% of malicious code online comes from online ads, according to the Q1 2007 Web Trends Security Report published by Finjan, a computer security company. Watch what happens when AdBlock Plus gets re-branded AdBlock Security.
We may also see "adsploit" emerge to refer to exploits delivered over ad networks. Admittedly, the term has a long way to go, with a mere four mentions in Google, none of which seem particularly coherent. But what better word is there to refer to malware like Trojan.Qhost.WU, which replaces Google AdSense text ads with ads from an unauthorized, potentially malicious provider.
Indexically Transmissible Viruses
Cyber criminals are working overtime to get their sites listed in search indexes. Gaming Google's PageRank algorithm to get one's malware site prominent placement on a search result page has proven to be an effective way to compromise the computers of unwary visitors. Google and the rest are fighting back, as suggests Google's purge of tens of thousands of malware-riddled pages from its index in late November. But the ease and speed with which new sites can be created means that the search companies have a hard time keeping up. Referring to "indexically transmissible viruses" seems like a way to blame search engines more and cyber criminals less, but that's the point: searching needs to be safe.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.