Five new malware threats for 2009

It's a constant arms race between IT and the criminals - so what is the new malware tech that we can expect to see next year?

As IT gets more complex and sophisticated, so does the malware. MessageLabs revealed some of the new tricks and dangers we need to look out for next year.

1 - Mash-up malware

Web 2.0 is the ideal environment for malware which can change depending on the event or circumstances of a situation. Separately they may be harmless, but they can be constructed and combined to create a malicious attack.

With mash-ups users are able to combine data from many websites, but these can be used to construct a malicious attack. Malware-as-service will also be more common, which allows automated malware to be bought and released to order.

Cybercriminals are also very likely to find new ways to change and modify malware, making some undetectable even to the very best anti-virus solutions.

2 - Personal social network phishing

2008 saw the first time that criminals were making a much more concerted effort to phish social networking sites such as Facebook.

This will continue, but as bad guys will learn the way that members use the site they will develop better tricks to collect as much personal information as they can.

Regular email phishing will be a problem, but it's unlikely to be the traditional Nigerian-style 419 scam which end up fooling you. Targeted emails are becoming more common as it becomes easier for anybody to become to phish thanks to malware-as-a-service.

3 - The battle to CAPTCHA

Surfing the net you may have noticed that CAPTCHA letters are becoming more difficult to read. This is because botnets have been advanced enough to break them thanks to CAPTCHA-breaking software.

Providers have tried to fight back by enhancing the CAPTCHA process, which usually means making the letters difficult to read so CAPTCHA breaking software won't read it.

Like many aspects of computer security, it's an arms race between the CAPTCHA provider and the CAPTCHA breaker to see who has the best technology, either for defence or attack.

4 - Increased reputation hijacking

Thanks to the discovery of a fundamental flaw in the design of the internet DNS (Domain Name Service) protocol, it is in theory possible to poison a cache and cause somebody to be given the wrong IP address when it comes to something like email or simply surfing a website.

If in 2009 criminals successfully manage to take advantage of this flaw, it could lead to extremely serious repercussions. This is because criminals would be able to masquerade as a legitimate server and create a website which many people will be fooled into divulging credit confidential details.

5 - The new botnet generation

With the major botnets suffering a few hits at the back end of 2008 due to hosting services being taken down, these could move to other areas like Russia or China which may carry the technology for a more evolved type of malware.

MessageLabs described a particularly sophisticated type of botnet using hypervisor technology. This is where malware can exist as a virtualisation layer running directly on the hardware and intercepting key operating system calls.

This would mean the real operating system will remain unaware of the existence of underlying malware which is controlling the computer

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021