December 20, 2007
PandaLabs, Panda Security’s anti-malware laboratory, has forecast how Internet threats will evolve in 2008.
One of the key factors will be the increase in the amount of known and unknown malware in circulation. If there has already been a notable increase in 2007 compared to previous years, this trend will most likely intensify in 2008.
PandaLabs also expects this growth to affect platforms that have not previously been targeted by cyber-crooks. There could be an increase in threats aimed at Mac systems or VoIP services.
The objectives of threat creators will remain the same as today, i.e, obtaining confidential data for online fraud and theft. Banker Trojans will continue to be present and there will be a significant rise in the number of Trojans designed to steal information from users of social networks (Myspace, Facebook, etc.), and online games. The year 2007 saw this kind of data theft consolidate as a new criminal business model on the Internet.
According to Luis Corrons, technical director of PandaLabs, “The current platforms will not be the only ones under attack. As systems like iphone, gphone, etc., become more popular among users, malware creators will start to use them to spread their creations and obtain benefits”.
Main means of propagation
Over the current year we have seen the increasing use of malware installation kits capable of exploiting vulnerabilities in servers. These would modify web pages that automatically infected the visitors’ computers. Such activities will increase considerably in 2008, as these tools have proven to be very effective when it comes to infecting a large number of systems. Also, cyber-criminals will continue to be on the lookout for new vulnerabilities in operating systems and applications that allow them to install malware without the user’s knowledge.
In addition to this, classic techniques like social engineering will continue to be used although they could adopt new forms: from greeting cards to fake Windows updates, as has occurred recently.
Another means of propagation in 2008 will be the so-called “drive-by download”, which consists of inserting a page that can detect vulnerabilities on target computers to infect them.
More complex malware
Malware attacks have been increasingly sophisticated throughout 2007 in the technological field and there is evidence that new malware is becoming increasingly complex. This complexity stems from the merging of several types of threats, resulting in the appearance of hybrid malware. It appears that this phenomenon will continue over the next year.
PandaLabs notes that malware such as bots or Trojans will be controlled remotely not only through IRC, but also P2P networks or the HTTP protocol. “This is cyber-crooks’ way of ensuring the success of their malicious activities, as this type of system allows communications to be encrypted, making detection harder”, explains Luis Corrons.
Dominic Hoskins, Panda UK, added: “Thanks to Panda Security's Collective Intelligence Model we continue to be able to detect and analyse new threats rapidly and are well prepared to protect our customers. PandaLabs leads the way in threat detection, which is good news for our customers”.
Panda Security offers several free tools for scanning PCs at http://www.infectedornot.com/
Panda Security has launched its new 2008 consumer product line
New Panda Security suite comprises Panda Antivirus 2008, Panda Antivirus+Firewall 2008 and Panda Internet Security 2008