Welcome to your top 10 security threats for 2007
by Alan Zisman (c) 2006
First published in Business in Vancouver, December 19-25, 2006; issue 895
High Tech Office column
With a database listing nearly a quarter of a million computer threats,
security company McAfee is in
a good position to comment on trends. Its prediction: 2007 will be the
year when “hacking comes of age.”
A sober top 10 (in no particular order) for the new year:
An increase in password-stealing websites: more
websites featuring fake sign-ins to capture user log-in information.
Especially sad, sites masquerading as charities, as we saw after
2005’s Hurricane Katrina.
As we’ve seen lately, spam, particularly messages embedded
in graphics, will continue to deluge us, overwhelming text-focused spam
filters. Currently, these messages are primarily for stock scams,
pharmaceuticals and bogus degree-granting institutions. Image spam
accounted for 10 per cent of all spam in 2005, but has risen to 40 per
cent of the total now.
As online video grows in popularity, it will
attract increased hacker attention. Users have grown justifiably
suspicious of e-mail attachments, but many will open online media files
without hesitation, making these an increasingly attractive method for
distributing malware. Worms and spyware started appearing late in 2006
hitching a ride on video files.
Mobile phone attacks will grow in 2007. Increased
use of smartphones with text messaging, instant messaging, Bluetooth
connectivity and more will make them a popular way to spread
infections, both between phones and between phones and PCs.
We’ve seen the beginnings of what McAfee
refers to as SmiSHing: phishing messages distributed via mobile
phones’ SMS messaging.
Other mobile phone scams appear to connect users to
web pages but instead redirect users to premium rate pages, costing the
user. Recent mobile malware monitors numbers called and SMS messages, or
listens in on phone conversations.
On the darker side of spyware, the company reports
that keyloggers, password-stealers, bots, backdoors and other malicious
unwanted programs are on the rise. This will continue in 2007. With
Windows Vista closing at least some of the gaping Windows
vulnerabilities, malware authors are increasingly turning to techniques
where users are tricked into “voluntarily” installing
unwanted and often malicious programs.
The company expects loss of personal information
due to laptop thefts and hacking to remain stable in 2007, but expects
that these losses will be reported more often, creating the impression of a
growing crisis in this area.
The U.S. Federal Trade Commission estimates that 10
million Americans are victims of identity fraud each year; McAfee
expects this number to be about the same next year.
Late in 2006, we saw bots (computer programs
performing automated tasks, often without the computer owners’
knowledge) playing a major role in the increase in spam.
McAfee predicts more of the same for 2007, with bots increasingly
used for money-making schemes ranging from spam transmission to hack
attacks for hire.
Expect a comeback for what McAfee refers to as
“parasitic malware” – viruses that infect files on
your computer so that when you run the previously benign file, the
virus runs too.
In 2006, Microsoft patched more vulnerabilities
than in 2004 and 2005 combined.
McAfee expects this trend to continue, with an increased number of
attacks timed to take advantage of Microsoft’s once-a-month patch