2009-01-01
Abstract
'[In 2009] the web will be infected like never before.' Graham Cluley, Sophos, UK.
Copyright © 2008 Virus Bulletin
If you’re anything like me you’ll have risen on 1 January 2008 full of optimism that it would be a better year for computer security. But, let’s be honest, it wasn’t that great was it?
We saw more malware being produced than ever before, as the bad guys sped up their conveyor belts creating Trojan horses and injected malicious code into websites at a much faster rate than ever before.
Well-known brand names like BusinessWeek, Sony and Adobe were amongst those who fell foul of SQL injection attacks, suffering the humiliation of infecting visiting customers because of sloppy website coding.
Scareware (or fake anti-virus products) also barnstormed into prominence like never before. The security community has been trying to raise awareness of computer security amongst the general public for years, but ironically the advice many listened to was from scammers trying to fool them into buying bogus products with fake alert messages. Hacking gangs have become proficient at producing professional-looking websites posing as legitimate security vendors.
2008 saw a surge in both spammers and malware authors turning to social networks like Facebook – stealing the usernames and passwords of the unwary in their attempts to sell dubious wares or find new computers to infect.
With this and other security threats causing headaches for computer users, it’s not surprising that many of us are thinking ‘good riddance to 2008’.
But what will 2009 bring? Will we have a better year than the last one? Well, here are some of my predictions.
First of all, the easy ones, as some things do seem certain. For instance, the variety of attacks and their number will continue to escalate. Modern-day malware is driven by the desire of organized criminal gangs to break into computers to steal information, identities and resources.
Botnets will continue to be a key component of cybercrime. Compromised PCs, both at home and at work, will still be the primary source of spam in 2009. McColo’s disconnection from the net was a victory that should be celebrated as it brought down botnet command-and-control centres, but its impact on spam levels will be short-lived. More botnets in future will adopt a decentralized, P2P-style of operation, making quick wins harder to achieve.
The web will be infected like never before. While most computer users have their email scanned for malware, far fewer people are properly scanning the web content that is being sent to their desktops.
Websites are becoming more complex – you no longer have a static set of web pages that you can simply scan for malicious content, since pages are often constructed in real time, possibly from individual snippets of data from many different fields in many different tables in many different databases. Meanwhile, on the client side, browsers are becoming more complex. You need to rely on your browser – and perhaps a large number of add-on DLLs and plug-ins – to protect you from malicious or dangerous actions programmed into scripts.
I predict we will see more use of non-EXE files by criminals in 2009. We can expect to be fighting legitimate-looking data files, such as Word DOCs and PDFs, that are booby-trapped with exploits against software vulnerabilities.
Finally, a prediction which may not come true in 2009, but surely soon will. Towards the end of last year there was an almighty kerfuffle as Apple pushed out conflicting messages regarding the need or otherwise for anti-virus software on the Mac platform. Whatever the scale of the malware problem on Apple Macs at the moment, it seems inevitable that the cybercriminals will find it irresistible to launch more attacks against a community which has largely taken a laissez-faire attitude to security.
Sounds gloomy doesn’t it? But I believe that, if managed properly, the problem should not be insurmountable. The good news is that security vendors are improving all the time, and sharing their expertise via industry initiatives like the Virus Bulletin conference. Proactive detection of new, unknown malware threats is at an all-time high, and computer users can dramatically reduce the risks in the year ahead by following sound security practices and using up-to-date protection.
