The 2006 Threat Landscape in Review
2006 saw a change in the nature of threats, their growing sophistication, and an increase in the overall number of malware threats. Threats are shifting from widespread to regional and targeted: attacks aimed at PC users in a specific country, at the staff of a particular company, or at the users of a particular website such as MySpace or eBay.
In addition to email and messaging threats, the web is emerging as a powerful threat vector, fueled in part by the increasing popularity of social networking and user-content sites such as YouTube and Wikipedia. A web threat is a threat that uses the Internet to perform malicious, and often self-perpetuating, activities. It typically consists of one or more malicious programs installed on a user's PC without the user's knowledge, permission or understanding when the user accesses the Internet. The individual programs may be invisible or may seem benign, but when activated, individually or in combination, they can steal confidential information such as passwords, bank account numbers and proprietary corporate information.
Email and web threats are being used in conjunction to create malicious, viral threats: for example, a malicious URL may be sent in a spam email to thousands of recipients. In a similar vein, blended threats (multiple pieces of malware working together, such as a Trojan and a keylogger) are used increasingly to get PC users to click on malicious links and download compromised files.
While the fight against spyware appears to be at its peak, some adware is, with the advent of click fraud, on the verge of becoming malware. Click fraud occurs in pay-per-click online advertising when a person, automated script or computer program imitates a legitimate web browser user clicking on an ad, in order to generate a per-click charge without having any actual interest in the target of the ad's link. The party that pays for every counted click is the advertiser, so the fraud is invisible to the end user whose machine generates the clicks.
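The way an advertising network screens clicks like these is a good illustration of why click fraud is a detection problem rather than a blocking one. The following is an added example, not code from the article or from any Trend Micro product: a small invalid-click screen over a constructed pay-per-click log. The log format (timestamp|ad id|client IP|user agent|seconds spent on the landing page), the automation user-agent markers and every threshold are assumptions chosen for illustration.

```python
"""Heuristic invalid-click screening for a pay-per-click log.

Added example; not code from the article or from any Trend Micro product.
The log format (timestamp|ad id|client IP|user agent|seconds on landing
page) and every threshold below are assumptions chosen for illustration.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Click = namedtuple("Click", "ts ad_id ip user_agent dwell")

WINDOW = timedelta(seconds=60)  # sliding window for the repeat-click rule
MAX_REPEATS = 3                 # more clicks than this per (IP, ad) in WINDOW is suspect
MIN_DWELL = 2                   # seconds on the landing page; less looks like no real visit
SCRIPT_UA_MARKERS = ("python-urllib", "curl/", "wget/", "libwww-perl")

# Constructed sample log: one real visitor, a script hammering an ad,
# and a browser user clicking the same ad four times in under a minute.
SAMPLE_LOG = """\
2006-11-03T10:00:01|ad-17|203.0.113.5|Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|42
2006-11-03T10:00:09|ad-17|198.51.100.7|Python-urllib/2.4|0
2006-11-03T10:00:10|ad-17|198.51.100.7|Python-urllib/2.4|0
2006-11-03T10:00:11|ad-17|198.51.100.7|Python-urllib/2.4|0
2006-11-03T10:00:12|ad-17|198.51.100.7|Python-urllib/2.4|0
2006-11-03T10:02:30|ad-17|192.0.2.44|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1)|17
2006-11-03T10:05:00|ad-17|192.0.2.44|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1)|5
2006-11-03T10:05:15|ad-17|192.0.2.44|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1)|5
2006-11-03T10:05:30|ad-17|192.0.2.44|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1)|5
2006-11-03T10:05:45|ad-17|192.0.2.44|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1)|5
"""


def parse_log(text):
    """Parse the pipe-separated log into Click records, in file order."""
    clicks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ad_id, ip, ua, dwell = line.split("|")
        clicks.append(Click(datetime.fromisoformat(ts), ad_id, ip, ua, int(dwell)))
    return clicks


def flag_clicks(clicks):
    """Return {index: set of reasons} for clicks that should not be billed.

    Three independent signals, each weak alone but cheap to compute:
      script-ua     the user agent is a known HTTP library, not a browser
      no-dwell      the click never turned into a visit of the landing page
      repeat-click  more than MAX_REPEATS clicks on one ad from one IP
                    inside WINDOW (every click in the burst is flagged)
    """
    reasons = defaultdict(set)
    recent = defaultdict(list)  # (ip, ad_id) -> [(ts, index)] still inside WINDOW
    for i in sorted(range(len(clicks)), key=lambda i: clicks[i].ts):
        c = clicks[i]
        if any(m in c.user_agent.lower() for m in SCRIPT_UA_MARKERS):
            reasons[i].add("script-ua")
        if c.dwell < MIN_DWELL:
            reasons[i].add("no-dwell")
        key = (c.ip, c.ad_id)
        burst = [(t, j) for t, j in recent[key] if c.ts - t <= WINDOW]
        burst.append((c.ts, i))
        recent[key] = burst
        if len(burst) > MAX_REPEATS:
            for _, j in burst:
                reasons[j].add("repeat-click")
    return dict(reasons)


def billable_count(clicks):
    """Clicks the advertiser should actually be charged for."""
    return len(clicks) - len(flag_clicks(clicks))


if __name__ == "__main__":
    clicks = parse_log(SAMPLE_LOG)
    for i, why in sorted(flag_clicks(clicks).items()):
        print(f"click {i} from {clicks[i].ip}: {', '.join(sorted(why))}")
    print(f"billable: {billable_count(clicks)} of {len(clicks)}")
```

On the sample log only two of the ten clicks survive: the scripted burst trips all three rules, and the browser user's four clicks in 45 seconds trip only the repeat rule. Adware that generates clicks through the victim's real browser defeats the user-agent check and, if it actually loads the landing page, the dwell check too, which is why rate and distribution across many infected hosts end up being the signals that matter.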
Malware creators have an ever increasing and technologically sophisticated tool set at their disposal, comprising bots and botnets, rootkits, social engineering, spyware and adware. Since December 2005, Trend Micro has seen an increase of more than 140,000 bots every month. As noted in previous articles, botnets provide wide distribution, and bots perform their duties clandestinely, with the potential to be used again and again. Rootkits allow malware to remain hidden by concealing processes, registry entries and related files from antivirus scanners and other security checks that rely on the operating system's own enumeration interfaces. Variants of the TROJ_ROOTKIT family became one of the top 20 most prevalent malware of 2006.
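A rootkit that hides a process has to lie to a particular interface, and a scanner that asks the kernel the same question two different ways can catch the lie. The following is an added example, not code from the article or from any Trend Micro product: a cross-view check on Linux that compares the process IDs visible by listing /proc (the enumeration a hooked readdir controls) with the IDs that still answer kill(pid, 0). The live collectors need a real /proc; find_hidden() is pure so it can be exercised on constructed views. The handling of thread IDs is a genuine edge case of this technique, not an assumption, but the sample IDs in the usage are made up.

```python
"""Cross-view detection of processes a rootkit hides from directory listing.

Added example; not code from the article or from any Trend Micro product.
A rootkit that hooks directory enumeration can make a PID vanish from
`ls /proc`, but kill(pid, 0) still answers for every task the kernel
knows about.  Comparing the two views exposes the gap.  Linux only: the
live collectors need /proc, while find_hidden() itself is pure.
"""
import os


def procfs_view():
    """PIDs visible by listing /proc: the view a hooked readdir controls."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def signal_view(max_pid=None):
    """PIDs that exist according to kill(pid, 0), probed by brute force."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # old kernel default, used only if pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check, nothing is delivered
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                     # exists, but belongs to another user
        alive.add(pid)
    return alive


def tgid_of(pid):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        return None
    return None


def find_hidden(listed, probed, tgid_lookup=tgid_of):
    """PIDs the kernel knows about that the listing does not show.

    kill(tid, 0) also succeeds for thread IDs, which never appear in a
    /proc listing, so a probed-but-unlisted ID whose thread group is
    itself listed is an ordinary thread and is dropped.  Anything else
    (status lookup blocked, or an unlisted thread-group leader) is
    reported.
    """
    hidden = []
    for pid in sorted(probed - listed):
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid and tgid in listed:
            continue
        hidden.append(pid)
    return hidden


if __name__ == "__main__":
    # Take the listing before and after the slow probe so tasks that
    # merely started or exited during the scan are not reported as hidden.
    before = procfs_view()
    probed = signal_view()
    after = procfs_view()
    print("hidden PIDs:", find_hidden(before | after, probed))
```

Two caveats a practitioner should carry with this: a rootkit that hooks the kill system call as well as directory enumeration will present consistent views, so in practice the probe is paired with further independent sources (socket owners from /proc/net, scheduler statistics, a memory image), and a process that both started and exited while the brute-force probe was running can still appear in the result, which is why a hit is confirmed with a second pass rather than acted on immediately.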
Malware creators are now motivated more than ever by financial gain, and Trend Micro has witnessed the rise of underground economies dedicated to creating, selling and purchasing malware, crimeware and spyware/adware.
Rather than creating malware that deletes files and wrecks PCs, malware creators are generating malware that sits surreptitiously on PCs waiting to be called into action by a botmaster, or for the right moment to steal personal information. They continue to produce malware designed to evade detection. During 2006, spammers developed the technique of image spam in an effort to bypass spam filters: the main content of such an email is an image carrying the advertisement text, so filters that match on the message text have nothing to work with. To make detection more difficult still, these images often include random elements, such as lines and dots scattered through the text, so that no two copies are byte-identical. This adds complexity to the heuristic engines and other filters used to detect spam.
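Because the random lines and dots change the image bytes from message to message, a filter cannot simply blacklist a hash of the picture; what stays constant is the structure of the message, an image that carries the pitch and almost no text around it. The following is an added example, not code from the article or from any Trend Micro product: a structural heuristic built on Python's standard email library that walks the MIME tree and compares the visible text against the decoded image payload. The thresholds are assumptions, the sample messages are constructed, and the "image" is a stand-in byte string, since only its size and MIME type matter to this check.

```python
"""Structural heuristic for image spam: the advertisement is an image and
the visible text around it is negligible.

Added example; not code from the article or from any Trend Micro product.
The thresholds are assumptions.  The sample messages are constructed and
the "image" is a stand-in byte string: only its size and MIME type matter
to this check, so no real GIF is needed.
"""
import email
import re
from email import policy
from email.message import EmailMessage

MAX_TEXT_CHARS = 40    # at most this much visible text alongside an image is suspect
MIN_IMAGE_RATIO = 0.9  # share of decoded body bytes that are image data

FAKE_GIF = b"GIF89a" + bytes(range(256)) * 8   # constructed stand-in, 2054 bytes
NEWSLETTER = "\n".join(["Minutes from the Tuesday meeting."] * 10)


def build_sample(text, image_bytes=None):
    """Construct a raw RFC 5322 message: a text part, optionally plus an inline image."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "hi"
    msg.set_content(text)
    if image_bytes is not None:
        msg.add_attachment(image_bytes, maintype="image", subtype="gif",
                           filename="a.gif", disposition="inline")
    return msg.as_bytes()


def score_message(raw):
    """Walk the MIME tree and weigh visible text against image payload."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text_chars = image_bytes = other_bytes = 0
    for part in msg.walk():
        if part.is_multipart():
            continue                       # containers carry no payload of their own
        maintype = part.get_content_maintype()
        if maintype == "text":
            body = part.get_content()      # decoded str under policy.default
            if part.get_content_subtype() == "html":
                body = re.sub(r"<[^>]+>", "", body)   # count rendered text, not markup
            text_chars += len(body.strip())
        elif maintype == "image":
            image_bytes += len(part.get_content())    # decoded bytes, not base64 length
        else:
            other_bytes += len(part.get_payload(decode=True) or b"")
    total = text_chars + image_bytes + other_bytes
    ratio = image_bytes / total if total else 0.0
    is_spam = (image_bytes > 0 and text_chars <= MAX_TEXT_CHARS
               and ratio >= MIN_IMAGE_RATIO)
    return {
        "text_chars": text_chars,
        "image_bytes": image_bytes,
        "image_ratio": round(ratio, 3),
        "image_spam": is_spam,
    }


if __name__ == "__main__":
    for label, raw in [
        ("image spam", build_sample("Check this out", FAKE_GIF)),
        ("newsletter with logo", build_sample(NEWSLETTER, FAKE_GIF)),
        ("plain text", build_sample("Check this out")),
    ]:
        print(f"{label:22s} {score_message(raw)}")
```

The check deliberately ignores the image content, so the per-message noise that defeats hash blacklists buys the spammer nothing here; the price is that a legitimate one-line note with a large photo attached scores the same way, which is why a signal like this is weighted into a larger score rather than used to reject outright, and why the complementary approach of running OCR over the image to recover the text exists.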
As threats continue to evolve, both business and home PC users will need to implement (and keep up to date) the latest security solutions, products and services, and keep abreast of the emerging threat landscape.
Stay tuned for the next issue where we will discuss the threats we expect to be popular in 2007.
