The Trojan's takeover of the malware world will extend well into 2007, as wide-spread worm epidemics continue to be replaced by targeted attacks on specific companies.
And the fate of Microsoft's new Vista operating system -- how widely it's adopted this year and how well hackers do probing its coding -- largely will determine the security landscape for this year.
These are just a few of the many findings from the Kaspersky Lab reports, which document last year's battle with worms, viruses, Trojans and spam, while also looking ahead to gauge what the coming security storm will entail for 2007. Last year's story, the rise of the targeted Trojan attack, also will be a large part of the story for this year, according to Shane Coursen, a senior technical consultant with Kaspersky, a security company based in Woburn, Mass.
"Absolutely. Yes, we'll be seeing a lot more of the Trojan," says Coursen. "There will be nothing like Slammer or Code Red for quite some time. It'll be all about the Trojan. They're easy to put together and then recompile at a moment's notice to produce a new type of executable. Or they can be repackaged to look different to scanners and makes the anti-virus [programs'] job a bit more difficult."
A few years ago, major world-wide worm attacks, like the one caused by Mytob, were what IT managers had to worry about. Worms swept through the Wild infecting millions of computers and causing companies billions in clean up. The threat has changed, though. Today, managers' worries are turning to pinpoint attacks. Just a few weeks ago, hackers used a zero-day flaw in Microsoft Word to launch targeted attacks against a specific company. Hackers used the then-unknown vulnerability to launch an attack against two employees at the same company earlier this month. The Trojan not only focused in on one company but also specifically targeted the two victims by what they do there.
IT managers need to be on the lookout for that kind of attack, Coursen says. "The last year hasn't been a year of innovation," he adds. "It's been more about putting together many different technologies or approaches. Malicious hackers are not resting. They are constantly on the move, looking for more and more ways to steal our information and our money."
If nothing else, 2006 turned out to be a busy year for malware writers -- and those fending them off. The Kaspersky report notes that the total number of malicious programs was up 41% from 2005. Last year, saw the growth of Trojans in particular jump 46% from the previous year. That only seems like a big leap until you compare it to the 124% increase from 2004 to 2005, according to Kaspersky. Don't think, though, that this means Trojan writers are taking a hiatus. Kaspersy's analysts say there are thousands of new Trojans coming out every month.
What will they be focusing their attacks on this year? Banks and online banking customers will be heavily targeted, but so will online payment systems and online gamers, according to the report.
"Overall, epidemics and virus attacks will become defined in terms of geographical boundaries," writes Alexander Gostev, a senior virus analyst who wrote one of the four Kaspersky reports, which include Malware Evolution, Mobile Malware, Internet Attacks and Spam. "For example, in-game Trojans and worms with virus functionality are typically seen in Asia, while Europe and the U.S. tend to see Trojan spy programs and backdoors. South America is usually hit by a wide range of banking Trojans."
"Without a doubt, the most important underlying theme of 2007 will be the new Microsoft Vista operating system and its vulnerabilities," writes Gostev. "Vista's vulnerabilities and limitations will determine the development of the virus industry in the years to come. We do not expect to see any fast-moving or major changes, although this new OS will definitely define the trends in the year to come."
Coursen says they're expecting that not only the number of vulnerabilities initially found in Vista will direct the course of security work and risk for this year, but they also say that the level of Vista adoption will play a major role, as well. If few people are using it, hackers aren't likely to bother with it -- yet.
"We know there are some vulnerabilities [in Vista] that can be exploited and we know that upon its release the black hat community has definitely been taking a close look at exploiting inherent vulnerabilities in it or in third-party applications that run on it. I think it'll be quiet the first few months, but after a couple of updates from Microsoft, we'll have a better picture of how secure Vista really is," Coursen says. "If people readily adopt Vista, chances are we may see some very interesting hacks over the course of the year. It's always very, very interesting to see what happens in the security world when a new operating system is released."