Security experts at AVG published their analysis of 2007’s top viruses, Internet hacks and exploits, and reveal their forecast for the top security threats facing computer users in 2008.
Unlike traditional malware such as viruses or trojans that are created by thrill-seeking programmers and computer geeks trying to create chaos, exploits are a fast-growing category of crimeware applications used by criminal cyber-gangs to steal digital assets for financial gain. Exploits are usually delivered in the form of drive-by downloads intended to take advantage of unpatched computer vulnerabilities.
Top ten web exploits for 2007
1. Super Bowl/Dolphins website drive-by download hack (February)
2. Google AdWords reroute via malicious site (April)
3. Google Bait & Switch keyword site exploit servers (July)
4. Bank of India website drive-by download hack (August)
5. Storm Trojan Fakes YouTube Links through phishing and fake codecs (August)
6. Gov Hacks cause government websites to serve porn, malware, and fake anti-spyware (September)
7. Facebook Banner Ads used to distribute adware-driven exploits (September)
8. Alicia Keys/MySpace Hack deliver behind-the-scenes drive-by exploits (November)
9. MLB & NHL.com malicious banner ads hijack user sessions, push malware (November)
10. Monster.com hack feeds exploits to jobseekers (November)
Top security threats expected in 2008
1. Web exploits and web-based social engineering attacks. Viruses will continue to be a threat, but we’ll also see an explosion of exploits through social engineering and Web 2.0 attacks in 2008.
2. Storm Worm on the rise. Orchestrated attacks are expected across multiple platforms.
3. Email-propagated viruses. Many novice users remain unaware of email security issues and continue to open attachments from senders they do not know or click on unsafe hyperlinks.
4. Web exploits targeting trusted web sites.
5. With increasing adoption of Microsoft’s latest operating system, Vista will become a bigger and thus a more tempting target for the bad guys.
While AVG expects international law makers to pay closer attention to cybercrime in 2008, it’s unlikely that stronger laws will deter cybercriminals.