Five new malware threats for 2009

It's a constant arms race between IT and the criminals - so what is the new malware tech that we can expect to see next year?

As IT gets more complex and sophisticated, so does the malware. MessageLabs revealed some of the new tricks and dangers we need to look out for next year.

1 - Mash-up malware

Web 2.0 is the ideal environment for malware which can change depending on the event or circumstances of a situation. Separately they may be harmless, but they can be constructed and combined to create a malicious attack.

With mash-ups users are able to combine data from many websites, but these can be used to construct a malicious attack. Malware-as-service will also be more common, which allows automated malware to be bought and released to order.

Cybercriminals are also very likely to find new ways to change and modify malware, making some undetectable even to the very best anti-virus solutions.

2 - Personal social network phishing

2008 saw the first time that criminals were making a much more concerted effort to phish social networking sites such as Facebook.

This will continue, but as bad guys will learn the way that members use the site they will develop better tricks to collect as much personal information as they can.

Regular email phishing will be a problem, but it's unlikely to be the traditional Nigerian-style 419 scam which end up fooling you. Targeted emails are becoming more common as it becomes easier for anybody to become to phish thanks to malware-as-a-service.

3 - The battle to CAPTCHA

Surfing the net you may have noticed that CAPTCHA letters are becoming more difficult to read. This is because botnets have been advanced enough to break them thanks to CAPTCHA-breaking software.

Providers have tried to fight back by enhancing the CAPTCHA process, which usually means making the letters difficult to read so CAPTCHA breaking software won't read it.

Like many aspects of computer security, it's an arms race between the CAPTCHA provider and the CAPTCHA breaker to see who has the best technology, either for defence or attack.

4 - Increased reputation hijacking

Thanks to the discovery of a fundamental flaw in the design of the internet DNS (Domain Name Service) protocol, it is in theory possible to poison a cache and cause somebody to be given the wrong IP address when it comes to something like email or simply surfing a website.

If in 2009 criminals successfully manage to take advantage of this flaw, it could lead to extremely serious repercussions. This is because criminals would be able to masquerade as a legitimate server and create a website which many people will be fooled into divulging credit confidential details.

5 - The new botnet generation

With the major botnets suffering a few hits at the back end of 2008 due to hosting services being taken down, these could move to other areas like Russia or China which may carry the technology for a more evolved type of malware.

MessageLabs described a particularly sophisticated type of botnet using hypervisor technology. This is where malware can exist as a virtualisation layer running directly on the hardware and intercepting key operating system calls.

This would mean the real operating system will remain unaware of the existence of underlying malware which is controlling the computer

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021