The malware phenomenon is fuelled by a growing online market for identity theft, spam and adware. This is prompting criminals to more closely mimic the processes that have been adopted by legitimate software developers such testing and quality assurance procedures, the security vendor observed.
"The goal now is making money through data theft or adware. They write them for different reasons, to make money off it," said David Marcus, McAfee's security research and communications manager with McAfee.
Online criminals will develop malware for any application that attracts large numbers of consumers and as a result are likely to start creating movie Trojans. When a user opens such a file in their media player, the software will automatically start downloading and installing malware or adware. A first example of such an online threat was detected earlier this month in the Realor worm that targets the Real Player.
Mobile phones too are expected to receive increased scrutiny from criminals. As the Symbian operating system is becoming the de facto standard for consumer smart phones and is reaching critical mass, the software becomes an attractive target for malware authors. Smartphones furthermore are started more closely resemble computers as consumers are getting use to install and run software on the devices.
Microsoft's Windows Vista operating system is notably absent from McAfee's list of security predictions for 2007. The software offers several technologies that prevent attacts that are common today. Marcus however expects that it will take malware authors about nine months before they figure out ways to compromise the software's defenses.
Despite the onslaught of new security vulnerabilities, Marcus remained o ptimistic about the overall state of computer security, pointing to advances in security software.
"It's not doomsday. The bad guys always do their best, but the [security] industry is also maturing," Marcus said.
McAfee's complete list of predictions for next year:
- The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay
- The volume of spam, particularly bandwidth-eating image spam, will continue to increase
- The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code
- Mobile phone attacks will become more prevalent as mobile devices become " smarter” and more connected
- Adware will go mainstream following the increase in commercial Potentially Unwanted Programs
- Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems
- The use of bots, computer programs that perform automated tasks, will increase as a tool favored by hackers
- Parasitic malware, or viruses that modify existing files on a disk, will make a comeback
- The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well
- Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities.