2007 Threat Forecast
Sophisticated new techniques and refined goals have made the threat landscape more dangerous than ever. To prevent identity and information theft, consumers and businesses must be familiar with and prepared for new attack methods that are anticipated for 2007.
Web Threats
Web threats--threats that originate on the Internet and are typically blended, using a combination of files and threats-are a new category of threats that emerged in 2006. Spawning large numbers of variants and generally targeted at smaller or regional audiences, these threats surreptitiously hide on PCs or the Web, infecting PCs with bots, rootkits, and malware, and installing adware and spyware. Their ultimate goal is profit.
As more of the world goes online and the Internet is used more frequently for video and music download as well as community-building and social networking, web threats will continue to grow. Malware authors will go to great lengths for financial gain, including setting up bogus websites that imitate legitimate websites in hopes of getting visitors to download malware or clicking on links as part of click fraud schemes. Equipped with an arsenal of technologies and tools, such as botnets and social engineering, malware authors will fuel the growth of web threats in 2007.
Regional and Targeted Attacks
Trend Micro has observed that both email and web threats are more regional and targeted in comparison with the malware of previous years that aimed to attack as many PC users as possible and create mass outbreaks across the globe. For example, in 2004, a malware outbreak would have spread around the world and caused security companies to pursue immediate solutions for cleaning and preventing infections. During 2006, however, malware outbreaks targeted email address lists, visitors to specific Websites and email and Internet users in a particular country. With the exception of bots, most modern malware does not easily spread. Once an attack is successful, today's malware remains active until it can steal a user's personal information and eventually their money.
Regional and targeted attacks rely heavily on social engineering, such as promoting free sports tickets, mimicking corporate emails and including official looking (but malicious) links. Fake emails and websites are typically written in the language of the targeted region. While regional and targeted attacks affect fewer users than in the past, they are more difficult to eradicate because they have specific objectives and frequently self-update.
Bots and Botnets
Due to the power and sophistication of bots and botnets, they will remain the hacker's best friend in 2007. Their ability to remain undetected and be called into action on a moment's notice for use in spam, phishing, denial of service, keylogging and other malware- and crimeware-related activities as well as their capacity to evolve and take advantage of new technologies makes them a key player in the threat landscape.
Image Spam
Image spam emerged in 2006 as a method of bypassing spam filters. Image spam displays the spam message in an image rather than text in the body of the email. Spammers also randomize the image by using different sizes, backgrounds, and borders to prevent the use of traditional spam signatures. Images can also be used in phishing emails, showing a message in an image which links to a fraudulent Web site.
Image spam subject matter typically includes pharmaceutical products (Viagra, Xanax, Valium), financial/investing information (hot stock tips) and luxury goods (Rolex watches, Prada handbags). Trend Micro expects image spam to continue throughout 2007.
IE7
Due to the sheer proliferation of Microsoft Windows Internet Explorer and the introduction of a new version, Microsoft Windows Internet Explorer (IE) 7, Microsoft's latest web browser is a prime target for malware authors. Additionally, IE7 offers new features, such as tabbed browsing, that provide opportunities for spyware and adware exploits. As a user can now easily add a new tab to the browser, Trend Micro expects adware tabs will replace pop-up ads in IE7 in what is referred to as tab jacking. Tab jacking will allow persistent, ad-based tabs that will reappear whenever IE 7 is restarted.
Click Fraud and Adware
As IE 7 includes its own embedded search box, users no longer need to visit a separate search engine such as Google. Trend Micro expects adware companies will hijack the configurable search box to operate searches on their own search engines, generating search engine Pay Per Click revenue for the adware companies.
Trend Micro also expects developers of spyware and other aggressive adware marketing tools to seek even sneakier ways to drop their adware on computers, helping to fuel click fraud.
