Five new malware threats for 2009

It's a constant arms race between IT and the criminals - so what is the new malware tech that we can expect to see next year?

As IT gets more complex and sophisticated, so does the malware. MessageLabs revealed some of the new tricks and dangers we need to look out for next year.

1 - Mash-up malware

Web 2.0 is the ideal environment for malware which can change depending on the event or circumstances of a situation. Separately they may be harmless, but they can be constructed and combined to create a malicious attack.

Advertisement - Article continues below

With mash-ups users are able to combine data from many websites, but these can be used to construct a malicious attack. Malware-as-service will also be more common, which allows automated malware to be bought and released to order.

Cybercriminals are also very likely to find new ways to change and modify malware, making some undetectable even to the very best anti-virus solutions.

2 - Personal social network phishing

2008 saw the first time that criminals were making a much more concerted effort to phish social networking sites such as Facebook.

This will continue, but as bad guys will learn the way that members use the site they will develop better tricks to collect as much personal information as they can.

Regular email phishing will be a problem, but it's unlikely to be the traditional Nigerian-style 419 scam which end up fooling you. Targeted emails are becoming more common as it becomes easier for anybody to become to phish thanks to malware-as-a-service.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

3 - The battle to CAPTCHA

Surfing the net you may have noticed that CAPTCHA letters are becoming more difficult to read. This is because botnets have been advanced enough to break them thanks to CAPTCHA-breaking software.

Providers have tried to fight back by enhancing the CAPTCHA process, which usually means making the letters difficult to read so CAPTCHA breaking software won't read it.

Like many aspects of computer security, it's an arms race between the CAPTCHA provider and the CAPTCHA breaker to see who has the best technology, either for defence or attack.

4 - Increased reputation hijacking

Thanks to the discovery of a fundamental flaw in the design of the internet DNS (Domain Name Service) protocol, it is in theory possible to poison a cache and cause somebody to be given the wrong IP address when it comes to something like email or simply surfing a website.

Advertisement - Article continues below

If in 2009 criminals successfully manage to take advantage of this flaw, it could lead to extremely serious repercussions. This is because criminals would be able to masquerade as a legitimate server and create a website which many people will be fooled into divulging credit confidential details.

5 - The new botnet generation

With the major botnets suffering a few hits at the back end of 2008 due to hosting services being taken down, these could move to other areas like Russia or China which may carry the technology for a more evolved type of malware.

MessageLabs described a particularly sophisticated type of botnet using hypervisor technology. This is where malware can exist as a virtualisation layer running directly on the hardware and intercepting key operating system calls.

This would mean the real operating system will remain unaware of the existence of underlying malware which is controlling the computer

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/server-storage/servers/356083/the-best-server-solution-for-your-smb
Sponsored

The best server solution for your SMB

26 Jun 2020