CA issued a report that warns of growing, more complex Internet threats facing home PC users – including targeted identity theft, emerging risks associated with online gaming, a doubling of malware exploits, and new software vulnerabilities. The CA Mid-Year Internet Threat Outlook Report is based on data compiled by the CA Security Advisor Team, a global team of malware researchers. It outlines the impact that organised crime, evolving technology, and the ongoing efforts of malware authors on the safety and security of home PC use.
Predictions from the CA 2007 Mid-Year Internet Threat Outlook include:
1. Stealing online gaming accounts will become as profitable as stealing bank accounts. Gamers are under siege. The second most common malware seen this year is designed to steal gaming passwords. Characters and virtual money are sold in underground web sites that rival legitimate commodity markets.
2. “Spear-phishing” will grow as identity theft surpasses record levels. Almost 3.25 million Americans discovered that their personal information has been used to open credit cards.* Phishers are shifting from pure opportunism to “spearing” specific individuals based on age, socio-economic status, etc.
3. Malware will increase by 132% this year over last, with Trojans leading the pack. From January to June 2007, CA Security Advisor saw that 65% of the malware threats were trojans, 18% were worms, 4% were viruses, and 13% were other types of malware.
4. Mozilla Firefox will no longer be considered more secure than Microsoft Internet Explorer; and conventional wisdom that Apple Mac OS X is more secure than Microsoft Windows will crumble. Internet Explorer and Firefox are running neck-and-neck, with 52 and 53 vulnerabilities this year respectively, and will easily surpass the number of vulnerabilities reported last year. In the first half of this year, there were 51 reported vulnerabilities for Mac OS X, 29 for Windows XP and 19 for Windows Vista.
5. Cyber-criminals will increasingly use a “multi-step” approach to creating and distributing malware. Multi-component malware, such as sending spam with a Trojan, allows them to fine-tune the malware—making it harder for security vendors to identify. Lesser-known techniques to hide from security software, including “packers” or “encryptors,” are now widespread (representing two of the top five malware this year).
6. Internet crime groups will look more like legitimate software businesses. No more attention-seeking hackers—organized groups of criminals have developers, marketers and distribution channels. Many are located in Eastern Europe and China.
7. As Botnets grow, so will the risk of “botherders” using information about victims’ behavior to offer demographics-based marketing. Such targeted efforts would rival the largest legitimate marketing. Based on current estimates, millions of home PCs may be controlled by botnets today.
8. As adware and hijackers continue to fade, the spyware category will be dominated by Trojans and downloaders. The versatility of Trojans has clearly made them the tool of choice for malware authors. Downloaders will become attractive as new versions not only distribute spyware but defend against its removal.
9. Criminals will increasingly target lower profile but useful software, such as Adobe Acrobat Reader and Macromedia Flash, to exploit security holes. At the current rate, we’ll see twice the number of vulnerabilities in Reader and Flash.
10. Social networks are under fire for security weaknesses. Not only are they subject to the same weaknesses as web sites—SQL injection, cross-site scripting attacks and forgeries—but the ability to create web pages allows a criminal to post malicious code. On a social network, attacks move faster because everyone is interconnected. Mobile social networks can also be easily attacked—providing information for stalking and other crimes.