Top Ten 2007 Security Problems: Predictions
But from what angle? What failing or hole will the talented malware authors attempt to weasel into next? In theory, if we know where we're most likely to be attacked, we're better equipped to shore up our defenses.
With that in mind, eSecurity Planet spoke with Dave Marcus, the security research and communications manager for McAfee. The security firm recently announced the ten security vulnerabilities most likely to bedevil us in 2007, and Marcus provided some background.
In McAfee's view, the ten security concerns to stay watchful for in 2007 are as follows:
1) The number of password-stealing Web sites will increase, using fake sign-in pages for popular online services such as eBay.
"A lot of major Web sites have taken extra precautions to keep themselves from being hacked," Marcus says. "But at the same time, there's such a huge jump in phishing sites and spam sites that will host the password-stealing Trojans."
2) The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
At the beginning of 2006, we actually saw a drop in spam. And then in the last few months, we've seen this increase in spam, but it's image spam. This image spam is four to five times the size of text-only spam, yet image spam bypasses certain types of spam filters (filters set up to scan e-mail text for spam-style messages).
To prevent this, more and more enterprises are blocking attachment-bearing e-mails, which creates problems for people sending legitimate attachments. "So you've got a lot of different issues there," Marcus says.
3) The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
"We've seen, over the last year or so, more businesses allow instant messaging and peer-to-peer on their corporate networks," Marcus says. Staffers are sending videos and sound bites over the corporate network with greater frequency.
"The funny thing about media malware is that media files are made to have content embedded in them," he notes.
So you double click on a media file, think you're going to listen to some music and bang, a browser pops up and downloads on to your machine. Embedding viruses into media is a very successful plan of attack for hackers, because people will download music and load it onto an iPod before they even think about it.
4) Mobile phone attacks will become more prevalent as mobile devices become "smarter" and more connected.
Marcus uses the term smishing to refer to phishing done through SMS (short message service, which allows text messaging between cell phones). A smish is a text message sent to a cell phone that prompts an unsuspecting user to go to an Internet address that hosts malware or other security threats.
This is not yet a prevalent type of attack, but McAfee expects it to grow over the next year, and it's already quite common in other parts of the world. "I noticed when I was in London last week, as soon as I landed I got six SMSs, and four of them were bogus," Marcus says.
5) Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs).
What, exactly, makes a program a PUP continues to be unclear. While the definitions of terms like virus and worm are clear, the lines between what's spyware, adware, and ransomware are a little blurry. After all, some users voluntarily install adware, which then acts as spyware.
And at any rate, there are such huge fortunes made from installing spyware and adware on PCs that it's not going to stop anytime soon. But, Marcus notes, users need to be concerned because the machine can get so clogged with marketing spyware that it becomes almost unusable.

