Five new malware threats for 2009

It's a constant arms race between IT and the criminals - so what is the new malware tech that we can expect to see next year?

As IT gets more complex and sophisticated, so does the malware. MessageLabs revealed some of the new tricks and dangers we need to look out for next year.

1 - Mash-up malware

Web 2.0 is the ideal environment for malware which can change depending on the event or circumstances of a situation. Separately they may be harmless, but they can be constructed and combined to create a malicious attack.

With mash-ups users are able to combine data from many websites, but these can be used to construct a malicious attack. Malware-as-service will also be more common, which allows automated malware to be bought and released to order.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Cybercriminals are also very likely to find new ways to change and modify malware, making some undetectable even to the very best anti-virus solutions.

2 - Personal social network phishing

2008 saw the first time that criminals were making a much more concerted effort to phish social networking sites such as Facebook.

This will continue, but as bad guys will learn the way that members use the site they will develop better tricks to collect as much personal information as they can.

Regular email phishing will be a problem, but it's unlikely to be the traditional Nigerian-style 419 scam which end up fooling you. Targeted emails are becoming more common as it becomes easier for anybody to become to phish thanks to malware-as-a-service.

3 - The battle to CAPTCHA

Advertisement - Article continues below

Surfing the net you may have noticed that CAPTCHA letters are becoming more difficult to read. This is because botnets have been advanced enough to break them thanks to CAPTCHA-breaking software.

Providers have tried to fight back by enhancing the CAPTCHA process, which usually means making the letters difficult to read so CAPTCHA breaking software won't read it.

Like many aspects of computer security, it's an arms race between the CAPTCHA provider and the CAPTCHA breaker to see who has the best technology, either for defence or attack.

4 - Increased reputation hijacking

Advertisement
Advertisement - Article continues below

Thanks to the discovery of a fundamental flaw in the design of the internet DNS (Domain Name Service) protocol, it is in theory possible to poison a cache and cause somebody to be given the wrong IP address when it comes to something like email or simply surfing a website.

If in 2009 criminals successfully manage to take advantage of this flaw, it could lead to extremely serious repercussions. This is because criminals would be able to masquerade as a legitimate server and create a website which many people will be fooled into divulging credit confidential details.

Advertisement - Article continues below

5 - The new botnet generation

With the major botnets suffering a few hits at the back end of 2008 due to hosting services being taken down, these could move to other areas like Russia or China which may carry the technology for a more evolved type of malware.

MessageLabs described a particularly sophisticated type of botnet using hypervisor technology. This is where malware can exist as a virtualisation layer running directly on the hardware and intercepting key operating system calls.

This would mean the real operating system will remain unaware of the existence of underlying malware which is controlling the computer

Featured Resources

Report: The State of Software Security

This annual report explores important trends in software security

Download now

A fast guide to finding your cloud solution

One size doesn't fit all in the cloud, so how do you find the best option for your business?

Download now

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Small & Medium Business Trends Report

Insights from 2,000+ business owners and leaders worldwide

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/in-depth/354726/sonos-speakers-are-environmentally-unsound
In-depth

Sonos speakers are environmentally unsound

9 Feb 2020