Revisiting the Crystal Ball: Updating Our 2007 Predictions

At the midyear mark when the sun is at its farthest point north””at least in our hemisphere””it seems appropriate to revisit our predictions for the Top 10 security threats in 2007. Just how good was the McAfee Avert Labs team at reading the tea leaves six months ago?

I conferred with my colleagues in Avert Labs and rounded up the latest data to see if the facts support our prognostications. Let’s revisit our forecast and see how well we did. I decided to score each prediction on a scale of 1 to 5, with 5 being the highest possible score for excellence in crystal ball gazing. (These are in no particular order.)

1. Password-stealing web sites are on the rise.
Score: 5

We continue to see exponential growth in phishing sites. Based on the number of sites blocked by our phishing traps, activity in January alone increased by 358 percent vs. the entire fourth quarter of 2006. February and March rose by at least 200 percent each compared to the same period. In total, the first three months of this year saw a 784 percent increase””with no slowdown in sight.

We also anticipate an increase in the abuse of open-content sites, such as Google and Wiki pages. Google accounts can be used to host drop boxes (via Gmail) or phishing sites (Google Docs). Even Internet archive sites will suffer.

2. Spam, particularly image spam, is on the increase.
Score: 3

The total volume of trap-based spam has stayed fairly flat during the first part of the year. Image spam accounted for to 65 percent of all spam at the beginning of the year and has now declined a bit. Image spam, which has messages embedded in images rather than text (typically pump-and-dump stocks, pharmacy, and degree spam), is still a force to be reckoned with. It hovers between 30 percent to 50 percent of all spam that tries to find its way into users’ inboxes.

3. The popularity of video on the web makes it a target for hackers.
Score: 4

There’s no doubt that hackers are riding the wave of online video available on hugely popular social networking sites like YouTube and MySpace. Astute social engineering”” coupled with video’s inherently easy-to-program format””has enabled cybercriminals to come up with a variety of clever tricks. Witness these recent MySpace exploits:

Earlier this year, hackers targeted fans of the French rock band MAMASAID. When fans visited a MySpace account promoting the music group, they’d get a Trojan called JS/SpaceStalk installed on their computers through an insecure feature in QuickTime, HREF Tracks, which allows links to be opened automatically when you run a movie. This link was misused to lure visitors to malicious web sites hosting spyware and other exploit code.

MySpace has also been the target of phishing scams. After gathering MySpace user credentials from phishing sites, spammers log in to accounts and then post spam messages on other accounts. It’s an issue because MySpace can’t close down legitimate user accounts.

4. Mobile phone attacks will become more prevalent.
Score: 0

Surprisingly, mobile malware numbers are down for the first quarter of 2007 (12 attacks), compared to the first quarter of 2006 (47).

5. Adware will go mainstream.
Score: 3

Because adware has gotten such a bad rap, businesses are experimenting with more creative ways to deliver ads on the Internet. BitTorrent is setting a trend by offering free ad-supported downloads rather than paid downloads for its online TV network, so customers see ads before and after watching an episode or a movie””much like traditional television. YuMe Networks is also likely to follow this model.

6. Identity theft and data loss will continue to be a public issue.
Score: 5

According to Attrition’s Data Loss Database””Open Source, more than 13.7 million records have been breached thus far. Compare that to 1.8 million during the same period last year! We maintain our belief that the unauthorized transmission of information will become more of a risk for enterprises. This includes loss of customer data, employee personal information and intellectual property from a variety of channels””applications, networks, and even physical channels, like USB devices, printers, fax and removable storage. If you want to get a more detailed picture of how grave the problem is, take a look at the recent Datamonitor report [“Datagate: The Next Inevitable Corporate Disaster?”] According to the report, more than 60 percent of respondents interviewed experienced data loss within the last year, and an astounding 33 percent believe it could put them out of business!

7. The use of bots will increase.
Score: 3

The statistics from our daily collections show that bots actually declined to a low point in November 2006, but are now increasing again. The numbers aren’t as high as they were 12 months ago, but they’re definitely heading up.

8. Parasitic malware will make a comeback.
Score: 5

There’s no doubt about this one. Philis and Fujacks continue to be active parasitic families, and Avert Labs has classified more than 150 new variants of these two families since 2007. And, let’s not forget other families like Sibil, Grum, and Expiro.

9. The number of rootkits on 32-bit platforms will increase.
Score: 4

According our Virus Tracking Map, approximately 200,000 systems reported rootkit infestations since the beginning of 2007””a 10 percent increase over the first quarter of 2006. (By the way, if you want to check your system, download our free Rootkit Detective. And, of course, VirusScan for Enterprise includes antirootkit technology.)

10. Vulnerabilities will continue to cause concern.
Score: 5

Not only do they continue to cause concern, there are more of them to worry about than ever before. In January and February 2006, Microsoft issued patches for five important and five critical vulnerabilities. During the same months this year, Microsoft patched nine important and 27 critical vulnerabilities.

So, when all is said and done, it looks like our oracles hit the mark in most areas. Stay tuned for a re-evaluation of these trends later this year.