Global Security Trends
McAfee's security research centre (Avert Labs) has published its predictions for the main security threats of 2007.
Each trend is explained below:
1. The number of password-stealing web sites will increase, using fake sign-in pages for popular online services such as eBay.
eBay, MySpace, PayPal and Australian and overseas banks are all being impersonated in phishing attacks, one of the most common ways an attacker steals passwords. The usual method is to send the fake sign-in link in an email, with the visible link text showing the real site while the underlying link points somewhere else. A related flaw was recently found in Firefox 2's password manager: it auto-fills saved credentials into any sign-in form on a site it holds a password for, even when that form submits the credentials to an attacker's server, so a fake sign-in form planted on a user-editable page of the genuine site can harvest passwords without a fake site at all.
MySpace has been in the news a lot lately over password stealing and phishing. Fake YouTube videos were found on over 1,500 MySpace pages, leading to another site that downloaded spyware, and over 4,000 fake login pages have been used to steal passwords.
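Both tell-tales described above, a link whose visible text names one site while its target is another, and a sign-in form that posts credentials to a host other than the page's own, are easy to check for automatically. The scanner below is an added example written for this page, not McAfee code. The brand list, the page host and the sample page are constructed, and the "registrable domain" helper is deliberately crude (last two labels only) and would need a public-suffix list to handle country-code domains correctly.

```python
"""Scan HTML for two phishing tell-tales: a link whose visible text names a
well-known brand but whose href goes somewhere else, and a sign-in form that
posts credentials to a host other than the page's own. Added example, not
McAfee code. The brand list and sample page are constructed for the demo."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of brands whose domains we expect links to point at.
KNOWN_BRANDS = {"ebay.com", "paypal.com", "myspace.com"}

# Visible link text that reads like a URL or a bare domain.
DOMAINISH = re.compile(r"^(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


def registrable(host):
    """Crude registrable domain: last two labels (fine for .com-style hosts)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class PhishScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_domain = registrable(page_host)
        self.findings = []
        self._href = None          # href of the <a> we are inside, if any
        self._text = []
        self._form_action = None   # action of the <form> we are inside, if any
        self._form_has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "form":
            self._form_action = a.get("action") or ""
            self._form_has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._form_has_password = True

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self._check_anchor(self._href, "".join(self._text).strip())
            self._href = None
        elif tag == "form" and self._form_action is not None:
            self._check_form(self._form_action, self._form_has_password)
            self._form_action = None

    def _check_anchor(self, href, text):
        m = DOMAINISH.match(text)
        if not m:
            return                      # "Click here" style text: nothing to compare
        shown = registrable(m.group(1))
        real_host = urlparse(href).hostname or ""
        if shown in KNOWN_BRANDS and registrable(real_host) != shown:
            self.findings.append(("deceptive_link", text, real_host))

    def _check_form(self, action, has_password):
        if not has_password:
            return
        host = urlparse(action).hostname   # None for a relative action (same site)
        if host and registrable(host) != self.page_domain:
            self.findings.append(("offsite_credential_form", host))


def scan_html(html, page_host):
    scanner = PhishScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a user-editable page on the real site carrying a fake
# sign-in form that posts off-site, plus a phishing link dressed up as eBay.
SAMPLE_PAGE = """
<html><body>
<p>Verify your account: <a href="http://203.0.113.7/ebay/">http://www.ebay.com/signin</a></p>
<p>Or see <a href="https://www.paypal.com/">www.paypal.com</a> for payment options.</p>
<form action="http://login-secure.example.net/collect" method="post">
  <input type="text" name="email"> <input type="password" name="password">
  <input type="submit" value="Log In">
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE, "profile.myspace.com"):
        print(finding)
```

Run against the sample page (the host profile.myspace.com is an assumption), it reports the eBay-lookalike link and the off-site credential form; the PayPal link, whose text and target agree, is not reported. The form finding is the important one: a credential form can sit on an otherwise genuine page and still hand the password to someone else, and checking where it posts is the test.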
2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
Image spam accounts for up to 40 percent of the total spam received, compared with less than ten percent in previous years. Much of the spam that used to be sent as text, typically pump-and-dump stock, pharmacy and fake-degree spam, is now sent as images. An image spam is typically three times the size of a text spam, so this is a significant increase in the bandwidth that spam consumes.
Image spam is growing because it passes through content filters relatively easily. The filters read and score the text of a message, but the words of an image spam are pixels rather than text, so a filter cannot see them without optical character recognition (OCR), and spammers vary the image (colours, fonts, noise) so that simple image fingerprinting fails too. The larger messages also inflate mailbox sizes.
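A filter cannot read the words in the picture, but it can notice that a message has almost no readable text while an inline image carries the payload, and that the image dwarfs the text. The scorer below is an added example written for this page, not McAfee code; the two thresholds are assumptions, and both sample messages are constructed in the block.

```python
"""Score a raw RFC 822 message for 'image spam': little or no readable text
while an inline image carries the pitch. Added example, not McAfee code; the
thresholds are assumptions and the sample messages are constructed here."""
import email
import re
from email import policy
from email.message import EmailMessage

TEXT_MIN_CHARS = 40      # assumed: fewer readable characters than this is suspicious
IMAGE_TEXT_RATIO = 20.0  # assumed: image bytes per readable character above this is suspicious


def visible_text(part):
    """Readable characters of a text part, with HTML tags and whitespace runs removed."""
    body = part.get_content()
    if part.get_content_type() == "text/html":
        body = re.sub(r"<[^>]+>", " ", body)
    return re.sub(r"\s+", " ", body).strip()


def image_spam_score(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    text_chars = image_bytes = images = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            text_chars += len(visible_text(part))
        elif part.get_content_maintype() == "image":
            images += 1
            image_bytes += len(part.get_content())   # decoded size, not base64 size
    ratio = image_bytes / max(text_chars, 1)
    verdict = images > 0 and (text_chars < TEXT_MIN_CHARS or ratio > IMAGE_TEXT_RATIO)
    return {"text_chars": text_chars, "images": images, "image_bytes": image_bytes,
            "ratio": round(ratio, 1), "image_spam": verdict}


def build_sample(text, image_size, subject):
    """Constructed test message: a text part plus one GIF of image_size bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = subject
    msg.set_content(text)
    msg.add_attachment(b"GIF89a" + bytes(image_size - 6), maintype="image",
                       subtype="gif", filename="pitch.gif")
    return msg.as_bytes()


# Pump-and-dump style: the whole pitch is in the picture.
SPAM = build_sample("See attached.", 600, "Hot stock pick")
# Newsletter style: real text with a small logo.
HAM = build_sample("Our monthly update: " + "the team shipped three fixes this month. " * 7,
                   200, "Monthly update")

if __name__ == "__main__":
    print(image_spam_score(SPAM))
    print(image_spam_score(HAM))
```

The decoded image size is what matters, since the base64 wrapper adds a third again on the wire; a production filter would add OCR of the image and a fingerprint of the pixels, and would tune the thresholds against real mail rather than the values assumed here.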
3. The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
The increasing use of video on social networking sites such as MySpace, YouTube and VideoCodeZone will attract malware writers looking for an easy way into a wide network. Unlike email attachments, most users will open media files without hesitation. And because video formats are easy to work with, features such as padding, pop-up ads and URL redirects become ideal tools for malware writers. Together these factors make media malware likely to be highly effective.
A threat of this kind was recently detected: the Realor worm, which targets RealPlayer. With the popularity of video sharing, attackers are concentrating more on movie Trojans. Apart from targeting online videos, attackers can upload video files that, once downloaded and opened in the user's media player, automatically start downloading and installing malware or adware.
4. Mobile phone attacks will become more prevalent as mobile devices become 'smarter' and more connected.
Mobile phone attacks have already started but are not yet as widespread as in the PC world; this area is waiting to erupt. With smartphone users increasing every day, attackers will be motivated by the growing pool of victims. Mobile phone Trojans written in Java (J2ME) have already been spotted worldwide. Most are built for monetary gain, and because phones carry sensitive information they can also be used for blackmail. Bluetooth hacking and planting spyware on phones have also begun.
Mobile threats will continue to grow as platform convergence continues. Smartphone technology has played a pivotal role in the threat's transition from multifunction, semi-stationary PCs to palm-sized 'wearable' devices. With connectivity through Bluetooth, SMS, instant messaging, email, WiFi, USB, audio, video and the Web, there are more paths for cross-device contamination.
SMiShing, which takes the techniques of email phishing and ports them to SMS (hence SMiShing rather than phishing), is also expected to grow. In August 2006, McAfee Avert Labs received its first sample of a SMiShing attack, VBS/Eliles, a mass-mailing worm that also sends short message service (SMS) messages to mobile phones; by the end of September 2006, four variants of the worm had been found. For-profit mobile malware is also expected to increase in 2007. Most of the mobile malware Avert Labs has seen consists of relatively simple Trojan horses, but the outlook changed with J2ME/Redbrowser, a Trojan that pretends to fetch Wireless Application Protocol (WAP) pages over SMS; in reality it sends SMS messages to premium-rate numbers, costing the user far more than intended. A second J2ME Trojan, Wesber, which appeared in late 2006, also sends messages to a premium SMS number.
Late 2006 saw a flurry of spyware offerings in the mobile world. Most are designed to monitor phone numbers and SMS and call logs, or to steal SMS messages by forwarding copies to another phone. One in particular, SymbOS/Flexispy.B, can remotely activate the microphone of the victim's device so that someone can eavesdrop on them; others can activate the camera. Commercial spyware targeting mobile devices is expected to grow in 2007.
5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs)
It is often claimed that 91% of PCs in the world are infected with some kind of spyware, and people routinely download any software that looks enticing without considering the consequences. Spyware, unlike viruses and Trojans, is not necessarily illegal: spyware installed with the 'informed consent' of a user can escape legal trouble simply because the user accepted the terms and conditions before installing it, and many users never read those terms. Adware, the cousin of spyware, is an equal nuisance: pop-up ads not only invade the screen but also slow down the PC or even bring it to a standstill.
The year 2006 saw an increase in commercial Potentially Unwanted Programs (PUPs), and an even larger increase in related malicious Trojans, particularly keyloggers, password stealers, bots and backdoors. Misuse of commercial software by malware, with remotely controlled deployment of adware, keyloggers and remote-control software, is also on the rise. Despite the social, legal and technical challenges, there is so much commercial interest in advertising revenue models that security companies expect more legitimate companies to use, or attempt to use, advertising software in ways (hopefully) less objectionable to consumers than most current adware.
6. Identity theft and data loss will continue to be a public issue.
At the root of these crimes is often computer theft, loss of backups or compromised information systems. While the number of victims is expected to remain relatively stable, company disclosures of lost or stolen data, increasing cyber-theft and break-ins at retailer, payment-processor and ATM systems, and reports of stolen laptops containing confidential data will keep this topic in the public eye.
'Mules' will also remain an important part of bot-related money-making schemes. These are work-at-home jobs offered through very professional-looking websites, classified ads and even instant messaging (IM), and they are a crucial part of the reason so many bots can be run from anywhere in the world. Buying merchandise (often for resale) or withdrawing cash with stolen credit card details runs into stricter checks when the goods or money cross a border, so the thieves recruit mules inside the country where the cards were issued to receive and forward the proceeds.
7. The use of bots, computer programs that perform automated tasks, will increase as a tool favored by hackers.
Bots, computer programs that perform automated tasks, are on the rise, but they will move away from Internet Relay Chat (IRC) command-and-control towards less obtrusive channels, for example HTTP check-ins that blend into ordinary web traffic, or peer-to-peer protocols with no single server to block. In the last few years the virus-writing community has taken a strong interest in IRC threats because of the power of the IRC scripting language and the ease of coordinating infected machines from a chat-room structure.
Botnets are already widespread in the world of Trojan attacks, and most Trojans, once installed on a PC, act as bots that carry out tasks on command. Some bots lie dormant, waiting for a particular time to wake up and send information to the attacker. One threat that would be particularly hard to detect is the combination of a rootkit and a Trojan.
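When the control channel stops being IRC on port 6667, the port and protocol are no longer the signal; what a bot cannot easily hide is that it checks in on a timer, while a person does not. The detector below scores each (source, destination, port, protocol) flow by how regular its inter-connection gaps are. It is an added example written for this page, not McAfee code; the log format, the thresholds and every log line are constructed.

```python
"""Find bot check-ins in connection logs by how regular they are, which works
whether the channel is IRC, HTTP or something else. Added example, not McAfee
code; the log format, thresholds and the log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log format: "<date> <time> <src> -> <dst>:<port> <proto>"
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) -> (\S+):(\d+) (\w+)$")

MIN_EVENTS = 6   # assumed: fewer connections than this is not enough to judge timing
MAX_CV = 0.15    # assumed: coefficient of variation of the gaps below this is machine-like


def parse_flows(lines):
    """Group connection timestamps by (src, dst, port, proto)."""
    flows = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        flows[(m.group(2), m.group(3), int(m.group(4)), m.group(5))].append(ts)
    return flows


def find_beacons(lines, min_events=MIN_EVENTS, max_cv=MAX_CV):
    """Flows whose inter-connection gaps are too regular to be a human."""
    hits = []
    for (src, dst, port, proto), stamps in parse_flows(lines).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                      # duplicate timestamps; cannot judge
        cv = pstdev(gaps) / avg           # spread relative to the mean interval
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port, "proto": proto,
                         "count": len(stamps), "interval_s": round(avg, 1),
                         "cv": round(cv, 3)})
    return hits


# Constructed sample: one host polling a web server every ~5 minutes, one host
# browsing at human intervals, and one persistent IRC session.
SAMPLE_LOG = """
2007-01-15 09:00:00 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:00:10 10.0.0.7 -> 203.0.113.10:443 HTTPS
2007-01-15 09:00:40 10.0.0.7 -> 203.0.113.10:443 HTTPS
2007-01-15 09:01:00 10.0.0.5 -> 198.51.100.77:6667 IRC
2007-01-15 09:05:02 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:09:00 10.0.0.7 -> 203.0.113.10:443 HTTPS
2007-01-15 09:09:12 10.0.0.7 -> 203.0.113.10:443 HTTPS
2007-01-15 09:10:00 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:15:03 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:19:59 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:25:01 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:30:00 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:35:02 10.0.0.23 -> 198.51.100.9:80 HTTP
2007-01-15 09:42:32 10.0.0.7 -> 203.0.113.10:443 HTTPS
2007-01-15 09:44:02 10.0.0.7 -> 203.0.113.10:443 HTTPS
2007-01-15 09:44:09 10.0.0.7 -> 203.0.113.10:443 HTTPS
""".strip().splitlines()

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Only the HTTP poller from 10.0.0.23 is reported: eight connections about 300 seconds apart with a coefficient of variation under one percent. The browsing host fails the regularity test and the single IRC session never reaches the event count. A bot that adds random jitter to its timer will push the coefficient of variation up, so in practice the threshold is paired with other signals (destination reputation, identical request sizes, off-hours activity) rather than used alone.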
8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.
Even though parasitic malware accounts for less than 10 percent of all malware (the other 90 percent consists of standalone programs that do not infect other files), it seems to be making a comeback. Parasitic infectors are viruses that modify existing files on disk, injecting their code into the file where it resides, so that when the user runs the infected file the virus runs too. W32/Bacalid, W32/Polip and W32/Detnat are three polymorphic parasitic file infectors identified in 2006 that have stealth capabilities and attempt to download Trojans from compromised web sites.
Also worth noting is that 80 percent of all malware is packed, encrypted or obfuscated in some attempt to disguise its purpose; W32/Bacalid and W32/Polip are examples of obfuscated parasitic infectors. Because an infector changes a file that was previously known-good, an integrity baseline of executables catches it even when a signature scanner does not, and a packed or encrypted payload usually stands out from ordinary code by its high byte entropy.
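The two checks that follow from this, a hash baseline that notices an executable changed, and a byte-entropy measure that flags the packed or encrypted code an infector appends, are shown below. This is an added example written for this page, not McAfee code and not a reproduction of any of the viruses named; the "program" it baselines and the appended payload are both constructed in a temporary directory.

```python
"""Catch parasitic modification of executables with a hash baseline and spot
packed/encrypted code by byte entropy. Added example, not McAfee code; the
'executable' and the appended payload are constructed in a temp directory."""
import hashlib
import math
import os
import tempfile
from collections import Counter

EXECUTABLE_EXTS = (".exe", ".dll", ".scr")   # assumed set of files worth baselining


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def entropy(data):
    """Shannon entropy in bits per byte: ~0 for padding, ~8 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_baseline(root):
    """Map of relative path -> SHA-256 for every executable under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_EXTS):
                path = os.path.join(dirpath, name)
                baseline[os.path.relpath(path, root)] = sha256_file(path)
    return baseline


def diff_baseline(root, baseline):
    """Executables whose hash changed, that appeared, or that disappeared since the baseline."""
    current = build_baseline(root)
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    added = sorted(k for k in current if k not in baseline)
    missing = sorted(k for k in baseline if k not in current)
    return modified, added, missing


def tail_entropy(path, tail=512):
    """Entropy of the last `tail` bytes, where an appending infector puts its body."""
    with open(path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        fh.seek(max(0, fh.tell() - tail))
        return entropy(fh.read())


def demo():
    """Constructed scenario: baseline a 'program', append an encrypted-looking
    payload the way an appending infector would, then detect the change."""
    with tempfile.TemporaryDirectory() as root:
        prog = os.path.join(root, "notepad.exe")
        with open(prog, "wb") as fh:   # stand-in for a clean executable: MZ stub, NOP sled, text
            fh.write(b"MZ" + b"\x90" * 2000 + b"This program cannot be run in DOS mode." * 10)
        baseline = build_baseline(root)
        before = tail_entropy(prog)
        # Chained SHA-256 output stands in for an encrypted/packed virus body.
        payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        with open(prog, "ab") as fh:
            fh.write(payload)
        modified, added, missing = diff_baseline(root, baseline)
        after = tail_entropy(prog)
    return {"modified": modified, "added": added, "missing": missing,
            "entropy_before": round(before, 2), "entropy_after": round(after, 2)}


if __name__ == "__main__":
    print(demo())
```

The baseline must be taken from a known-clean state and stored somewhere the infector cannot reach, and legitimate updates will show up as "modified" too, so the hash diff is a trigger for inspection rather than a verdict. The entropy jump at the tail of the file is the second signal: plain x86 code and strings sit well below 6 bits per byte, while packed or encrypted data approaches 8.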
9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase also.
Rootkits are hard to detect, but all the major antivirus vendors now ship tools to deal with them. A rootkit is not itself a privilege-escalation exploit: it is software that, once administrative (root) privileges have been obtained by some other means, uses them to hide the presence of processes, files, registry keys and network connections. It does this by burying itself in the operating system's Application Programming Interface (API), or in the kernel itself, and intercepting the calls other programs make, a man-in-the-middle position between the operating system and the programs that rely on it from which it decides what those programs can see and do. The prediction singles out 32-bit platforms because the 64-bit editions of Windows Vista require kernel drivers to be digitally signed and protect the kernel against patching, which makes kernel-mode rootkits considerably harder to install there.
Rootkits are typically not malicious by themselves but are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what was known in the MS-DOS era as a full-stealth virus.
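The standard detection technique against this man-in-the-middle position is the cross-view check: ask the same question through the hooked high-level path and through a low-level path the rootkit is less likely to have covered, and report the difference. The script below does this for Linux processes, comparing the /proc directory listing with direct probing of every PID via kill(pid, 0). It is an added example written for this page, not McAfee code; the probe range cap and the view sets used in the test are assumptions, not data from a real system.

```python
"""Cross-view process detection on Linux: compare what /proc enumeration shows
with what direct PID probing finds. A rootkit that hides a process by hooking
the directory listing cannot also make kill(pid, 0) deny that the PID exists.
Added example, not McAfee code."""
import os


def listed_ids():
    """High-level view: PIDs from /proc plus their thread IDs from /proc/<pid>/task.
    Threads are included because kill(tid, 0) succeeds for a thread ID too, while
    a bare /proc listing shows only thread-group leaders; without this step every
    thread would look like a hidden process."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        ids.add(pid)
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:
            pass                    # process exited between the two reads
    return ids


def probed_ids(limit):
    """Low-level view: ask the kernel about every PID directly, listed or not."""
    found = set()
    for pid in range(1, limit + 1):
        try:
            os.kill(pid, 0)         # signal 0: existence and permission check only
            found.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            found.add(pid)          # exists, belongs to another user
    return found


def hidden_ids(listed_a, probed_a, listed_b, probed_b):
    """An ID is reported only if it answered probes in both passes and appeared in
    neither listing; that discards processes that started or exited between views."""
    stable = probed_a & probed_b
    return sorted(stable - listed_a - listed_b)


def scan(limit=32768):
    """Two passes of each view; limit caps the probe range (assumed; kernel.pid_max
    may be larger on a given system, so read it for a real scan)."""
    la, pa = listed_ids(), probed_ids(limit)
    lb, pb = listed_ids(), probed_ids(limit)
    return hidden_ids(la, pa, lb, pb)


if __name__ == "__main__":
    print("possibly hidden:", scan())
```

Taking each view twice and reporting only IDs that are stable across both passes is what keeps short-lived processes from showing up as false positives. A kernel-mode rootkit can of course hook the signal path as well as the directory listing, which is why real tools add further views (the scheduler's task list, /proc/<pid>/status reads, network socket tables) and why the page is right that the defender's remediation tools improve alongside the rootkits.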
10. Vulnerabilities will continue to cause concern fueled by the underground market of hackers.
The underground market for vulnerabilities is the trade in hacking tools, exploits, botnets and the like, sold for large sums; there are even IRC 'ghettos' where such things are advertised and marketed. Botnets fetch high prices from people who want to bring down a web site with a denial-of-service (DoS) attack from the zombie computers, or to use them for other malicious purposes. In February 2006 a WMF (Windows Metafile) exploit was sold for $4,000 on the underground market by Russian hacker groups.
The number of disclosed vulnerabilities is expected to rise in 2007. So far in 2006 Microsoft has announced 140 vulnerabilities through its monthly patch programme. The number is expected to grow because of the increased use of fuzzers, which allow large-scale automated testing of applications, and because of bounty programmes that pay researchers for finding vulnerabilities. Microsoft has already patched more critical vulnerabilities this year than in 2004 and 2005 combined: by September 2006 the combined 2004 and 2005 total of 62 critical vulnerabilities had been surpassed.
A pattern of zero-day attacks timed to Microsoft's monthly patch cycle is also emerging. Since patches are issued only once a month, exploit writers are encouraged to release zero-day exploits for Microsoft products soon after a month's Patch Tuesday, maximising the window of exposure before the next fix.
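To make concrete what "fuzzers allow large-scale testing of applications" means, the block below is a minimal mutation fuzzer run against a small parser with a planted bug: the parser trusts a length byte and reads past the end of its input, which in C would be an out-of-bounds read and here surfaces as an IndexError. This is an added example written for this page, not McAfee code and not related to the WMF flaw; the record format, the bug, the seed input and the mutation strategies are all constructed for the demo.

```python
"""A minimal mutation fuzzer of the kind that drives up vulnerability counts,
run against a constructed length-prefixed record parser. Added example, not
McAfee code; the parser, its bug and the seed input are made up for the demo."""
import random

INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)   # boundary values worth trying at every offset


def parse_records(data, hardened=True):
    """Parse records of the form [len][payload...][checksum].

    With hardened=False the parser trusts the length byte and reads the
    checksum from wherever it points; in C that is an out-of-bounds read,
    here it surfaces as an IndexError. hardened=True is the fixed version."""
    i, records = 0, []
    while i < len(data):
        n = data[i]
        if hardened and i + 1 + n >= len(data):
            raise ValueError("truncated record")
        payload = data[i + 1:i + 1 + n]
        checksum = data[i + 1 + n]               # the bug lives here when not hardened
        if checksum != sum(payload) % 256:
            raise ValueError("bad checksum")
        records.append(bytes(payload))
        i += 2 + n
    return records


def mutations(seed, rng, random_rounds):
    """Yield mutants: a deterministic pass (every offset x every interesting
    value), then random havoc (bit flips, byte deletions, byte insertions)."""
    for pos in range(len(seed)):
        for value in INTERESTING:
            yield seed[:pos] + bytes([value]) + seed[pos + 1:]
    for _ in range(random_rounds):
        buf = bytearray(seed)
        op = rng.randrange(3)
        if op == 0:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and len(buf) > 1:
            del buf[rng.randrange(len(buf))]
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        yield bytes(buf)


def fuzz(target, seed, random_rounds=500, rng_seed=1):
    """Run target on every mutant; keep the first input per unexpected exception type.
    ValueError is the parser's deliberate rejection and does not count as a crash."""
    rng = random.Random(rng_seed)
    crashes = {}
    for case in mutations(seed, rng, random_rounds):
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:        # anything else is a bug to triage
            crashes.setdefault(type(exc).__name__, case)
    return crashes


# Constructed seed: two valid records, "hello" (checksum 0x14) and "hi" (checksum 0xd1).
SEED = b"\x05hello\x14\x02hi\xd1"

if __name__ == "__main__":
    found = fuzz(lambda d: parse_records(d, hardened=False), SEED)
    for name, case in found.items():
        print(name, case)
    print("hardened:", fuzz(parse_records, SEED))   # expected: no crashes
```

The deterministic pass alone finds the bug, because putting 0x7F or 0xFF in the length byte sends the checksum read far past the buffer; the random pass is what scales the search to inputs a human would not think to try. The hardened parser survives the same run with nothing but ValueError rejections, which is the property to assert in a regression test once the fix ships. Real fuzzers such as those the page refers to add coverage feedback, so that mutants which reach new code become new seeds.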
Updated: 23 April 2012

