Predictions for Top Ten Security Threats in 2007 as Hacking Comes of Age

McAfee, Inc. has released its top ten predictions for security threats in 2007. According to McAfee Avert Labs data, with more than 217,000 various types of known threats and thousands more as yet unidentified, it is clear that malware is increasingly being released by professional and organized criminals.

In no particular order, McAfee Avert Labs' top 10 security threats for 2007 are:

1. The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay

2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase

3. The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code

4. Mobile phone attacks will become more prevalent as mobile devices become "smarter" and more connected

5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs)

6. Identity theft and data loss will continue to be a public issue -- at the root of these crimes is often computer theft, loss of back-ups and compromised information systems

7. The use of bots, computer programs that perform automated tasks, will increase as a tool favored by hackers

8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback

9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well

10. Vulnerabilities will continue to cause concern fueled by the
underground market for vulnerabilities

"Within a short period of time, computers have become an intrinsic and essential part of everyday life, and as a result there is a huge potential for monetary gains by malware writers," said Jeff Green, senior vice president of McAfee Avert Labs and product development. "As we see sophisticated techniques on the rise, it's becoming increasingly hard for the general user base to identify or avoid malware infections."

Today, McAfee researchers are seeing evidence of the rise of professional and organized crime in malware creation, whereby development teams are creating malicious software, testing it and automating its production and release. Sophisticated techniques such as polymorphism, the recurrence of parasitic infectors, rootkits, and automated systems with cycling encryption releasing new builds are becoming more prevalent. Furthermore, threats are being packed or encrypted to disguise their malicious purpose on a more rapid and complex scale.

In July 2006, McAfee announced that it officially released protection for the 200,000th threat in its database. Since January 1, 2006, McAfee has added approximately 50,000 new threats to its database and is on track to exceed 225,000 new threats by the end of the year. Given current trends, McAfee expects the 300,000th threat to be identified by the end of 2007, demonstrating its growth potential.

McAfee Avert Labs' 2007 Threat Forecast in Full:

Password-stealing Web sites are on the rise
More attacks that attempt to capture a user's ID and password by displaying a fake sign-in page, and increased targeting of popular online services such as eBay, will become more evident in 2007. As evidenced by the phishing attacks that followed Hurricane Katrina, McAfee Avert Labs also expects more attacks that take advantage of people's willingness to help others in need. In contrast, the number of attacks on ISPs are expected to decline while those aimed at the financial sector will remain steady.

Spam, particularly image spam, is on the rise
In November 2006, image spam accounted for up to 40 percent of the total spam received, compared to less than ten percent a year ago. Image spam has been significantly increasing for the last few months and various kinds of spam, typically pump-and-dump stocks, pharmacy and degree spam, are now sent as images rather than text. Image spam is typically three times the size of text based