Malware Doubled In 2007; Next Year Isn't Looking Better

Analysts with F-Secure and Websense predict an explosive growth of malware, bot attacks, QuickTime exploits, and viruses that target the iPhone.

At the start of 2007, computer security firm F-Secure had about 250,000 malware signatures in its database, the result of almost 20 years of antivirus research. Now, near the end of 2007, the company has about 500,000 malware signatures.

"We added as many detections this year as for the previous 20 years combined," said Patrik Runald, security response manager at F-Secure.

F-Secure's report on 2007 threats isn't a pretty picture. Beyond the explosive growth of malware, the year also saw the emergence of the Storm worm, a catch-all term for a series of related backdoor Trojans and e-mail worms that have been distributed to create a massive peer-to-peer botnet.

Shortly, F-Secure expects the gang behind the Storm worm to open its botnet for business, renting access to other cyber criminals.

The F-Secure report also notes that Trojans that steal online bank login information and Trojans that steal passwords from online games became more popular in 2007 and will likely continue to do so in 2008. Runald notes that F-Secure is detecting 10 to 40 new variants of banking Trojans every day.

Apple products came under increasing attack in 2007. "We're seeing a lot more activity on Macs," said Runald, noting QuickTime exploits became more prevalent. "QuickTime is now installed in so many PCs, thanks to iTunes, that it has become a target."

F-Secure's report notes that rising Mac market share and Safari's availability for Windows and the iPhone have also encouraged cyber criminals, like those responsible for Zlob spyware, to try to exploit vulnerabilities in Apple software and hardware.

Database breaches were big in 2007, with ongoing revelations about the scope of the TJX breach, the U.K. government's loss of some 25 million records about its citizens, and a spear phishing attack that netted a list of customers.

"Personal information available for exploit is everywhere," says F-Secure's report. "With the popularity of social networking sites it's ever more readily available to the bad guys. We'll see more bulk targeted attacks via spam as database leaks are used to enhance social engineering during 2008."

Outlook For 2008: Steganography And Vishing

The company is also predicting more mobile-oriented exploits and Web application exploits in the year to come.

"We're going to see more, better, stronger, faster attacks," said Runald.

Websense, another computer security firm, offers a similar view of 2008 in a report it issued on Wednesday.

Dan Hubbard, VP of security research at Websense, predicted a surge in attacks that attempt to exploit interest in the upcoming 2008 Olympic Games in Beijing, China. "It's just timely," he said. "It's global, and there's a big group to go after."

Hubbard expects spam directed at forums and blogs to grow, in part because e-mail spam protections have become more effective. By posting the URLs of malicious sites on popular blogs and forums, spammers hope to make their sites appear more prominent in search results lists.

Websense anticipates that attackers will look increasingly to exploit weaknesses in the interconnected nature of Web sites today, which often include data from ad services, widget providers, and other third-party sources. In fact, the company predicts that the number of exploited sites will surpass the number of sites created specifically to spread malware in 2008.

"Compromising sites -- particularly, sites well-visited by end-users, such as the Dolphin Stadium attack that occurred a few days prior to the 2007 Super Bowl XLI in Miami -- provides attackers with built-in Web traffic and minimizes the need for lures through email, instant messaging or Web posts," the Websense report says.

Websense foresees more Mac and iPhone attacks. And it anticipates more polymorphic JavaScript attacks -- malicious sites that serve uniquely coded attacks to each visitor as a way to defeat signature-based security.

As for data breaches, Websense expects cyber criminals to explore ways of disguising data, such as the use of steganography (hiding data in an image file), to sneak stolen information through guarded corporate firewalls.

Finally, Websense forecasts a rise in voice message spam and "vishing," which is phishing using automated voice calls in an attempt to prompt users to enter personal information through their mobile phones.

Hubbard expects some good news: He believes that one of the five or six major cyber crime groups will be shut down by law enforcement authorities. "We really think because they're so out in the open... there's going to be a big crackdown," he said.
