Hybrid malware was an increasing trend in 2006 and this trend is believed to continue into 2007. One such example is the fusion between worms or Trojans and rootkits. As a result of this, in the future it will be more difficult to distinguish between different malware families.
The report also analyzed how malware evolved in 2006. Trojans have now become the most popular type of malware. This is largely because they spread silently and are therefore ideal for targeted attacks.
"The users have a false sense of security, believing there are no dangerous threats. The truth is, however, that there is now more malware than ever. PandaLabs detected the same amount of malware last year as in the previous fifteen years combined," confirms Luis Corrons, technical director of PandaLabs.
Regarding spyware, or more specifically adware, the report underlines how widely it is now distributed due in part to the fact that these programs conceal themselves as part of other legitimate programs and that users do not consider them dangerous. Adware creators are therefore exploiting the situation and reaping the benefits.
On the subject of bots, the report stresses the changes in the way they are being used. "As firewalls evolve and port monitoring improves, bot herders are having to control their creations using alternative means, such as P2P networks. It is therefore more difficult to detect botnets since they are more diffuse, unlike the current ones which are usually more centralized," says Corrons. The use of worms as a means of propagation for other malware is another trend confirmed in 2006.
The motivation of cyber-crooks during 2006 was once again financial. In this sense, the sale of malware online flourished last year. It is now possible on the Internet to buy any number of malicious tools, from kits for creating phishing Web pages to vulnerability exploits or services for creating Trojans. This black market is now said to be worth more than the entire anti-malware industry.
What to Expect in 2007
According to PandaLabs, spam rates will continue to be high this year, since people are still buying what is advertised in the e-mails.
Social engineering will continue to cause problems. "The fact that malware still spreads using false e-mails related to Valentine's Day or Christmas, reveals the need for technological solutions capable of detecting malware in the e-mails received every day," Corrons explains.
The report also described the innovative and curious attacks that took place in 2006, such as the presence of malware in virtual worlds (SecondLife, World of Warcraft, etc.). It also covered subjects including the sale of devices infected by malware or social engineering using Christmas-related subjects.
