Internet security forecast revisited

McAfee just revisited its top ten predictions for security threats in 2007. Their research shows that threats including data-thieving phishing Web sites are on the rise, as expected, butother pests such as remote-controlled bots show unpredicted signs of decrease.

McAfee Avert Labs’ top 10 security threats for 2007 and updates, in no particular order:

Password-stealing Web sites are on the rise

The number of phishing Web sites continues to rise exponentially. McAfee Avert Labs saw a 784 percent increase in phishing Web sites in the first quarter of 2007, with no slowdown in sight. These Web sites typically use fake sign-in pages for popular online services such as online auctions sites, online payment processors or online banking. Avert Labs anticipates increasing abuse of sites meant for online collaboration such as wiki pages and online applications. Even Internet archive sites will suffer.

Spam, particularly image spam, is on the rise

The total amount of spam caught in McAfee Avert Labs’ traps has stayed fairly flat during the first part of the year. Image spam accounted for up to 65 percent of all spam at the beginning of 2007. It has actually dropped recently. Image spam is junk e-mail that includes an image instead of just text. It is used typically to advertise stocks, pharmaceuticals and degrees. The image can triple the size of a single message. This causes a significant increase in the bandwidth used by spam messages. In November 2006, image spam accounted for up to 40 percent of the total spam received. It was less than ten percent a year earlier.

Video on the Web will become a target for hackers

Cybercriminals are riding the wave of online video available on social networking sites such as YouTube and MySpace. For example, the Web site of a French rock band was used to load a Trojan horse onto the computers of fans by exploiting a feature in QuickTime.

More mobile attacks

Surprisingly, mobile malware numbers are down with a dozen new examples of malicious software targeted at devices such as cell phones and smart phones for the first quarter of 2007.

Adware will go mainstream

McAfee predicted that more legitimate companies would try advertising software to target consumers. However, because adware has a bad reputation, businesses are trying other ways to deliver their message on the Internet. BitTorrent, for example, is establishing a trend by offering free ad-supported video downloads as an alternative to paid downloads.

Identity theft and data loss will continue to be a public issue

Unauthorized transfer of data is becoming more of a risk to enterprises — including loss of customer data, employee personal information and intellectual property. This information can leak not only via the Web, but also through portable storage devices, printers and fax machines. More than 13.7 million records have been breached thus far this year, according to Attrition.org, compared to 1.8 million records during the same period last year.

Bots will increase

This prediction has been particularly tough to prove. A superficial read of statistics indicates that the use of bots has actually decreased lately. Bots are computer programs that give cybercrooks full control over PCs. Bot programs typically get installed surreptitiously on the PCs of unknowing computer users.

Parasitic malware is making a comeback

No doubt, parasitic malware is happening. Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. Philis and Fujacks continue to be active, and Avert Labs has classified more than 150 new variants of these two families this year. Other families including Sibil, Grum, and Expiro are also active.

Rootkits will increase on 32-bit platforms

About 200,000 computers have been infected with rootkits since the beginning of 2007, according to Avert Labs’ virus tracking mechanism — a 10 percent increase over the first quarter of 2006.

Vulnerabilities continue to cause concern

There are more vulnerabilities to worry about than ever before. Microsoft issued 35 security bulletins, 25 of which were tagged critical and nine important, in the first six months of 2007. During the same timeframe last year, Microsoft issued 32 bulletins, of which 19 were rated critical and 10 were considered important.