No. 1 on his list: "The first spyware that targets Firefox will appear" in the first half of this year, Stiennon says. "That means either a spyware writer will take advantage of a vulnerability in Firefox, as others already have in Internet Explorer, or create a site that forces Firefox to invisibly download and install adware or spyware." Test code against Firefox already exists, Stiennon says, adding that he has seen spyware exploits against Firefox that don't work.
In Stiennon's opinion, his most distressing prediction is that spyware will latch onto RSS as a way to distribute ad- and spy-style software. "I'm extremely concerned about this," he says. "Already we're seeing marketers look to RSS. A recent list by marketing types on why RSS is better than E-mail, for example, had 'no more annoying complaints about spam' at No. 8. Where marketers go, adware and spyware writers follow."
Another nasty possibility is that a vulnerability will be found in one of the big blogging services. "If a spyware writer finds a way to inject code into a blogging site--which could take the form of a Simple Object Access Protocol object--most likely through a future vulnerability in Internet Explorer 7, then everyone who subscribes to that service's blog RSS feeds is going to get infected." Such an attack could be massive, and because of the automated nature of RSS, extremely fast-acting.
Stiennon also predicts that rootkits, hacker toolkits now used by the most sophisticated worm authors to hide evidence of their malicious code from antivirus scanners, will migrate to spyware this year.
Another prediction is no surprise considering how much space Stiennon has devoted on his blog to a recent incident in Israel, where several companies' executives have been charged with industrial espionage after hiring private investigators who, in turn, used a British programmer's spyware Trojan to infect rivals' computers. "An episode of industrial espionage using spyware will be revealed in the U.S.," Stiennon says. "Without a doubt."