Malware in 2005

February 14, 2005

Whenever we enter a new year, there is a tendency to expect new trends in the world of malware. However, changes are going to be slight, nothing like the sort of surprises that we got from other malicious code in the past.

Some time ago, virus creators liked to think of their work as a kind of research, but now, as we enter 2005, malware is no longer used to demonstrate programming skills but simply to commit crimes. Phishing techniques, adware and spyware are all good examples. In 2005 it is more than likely that these types of malware will be even more prevalent than before.

The financial benefit to hackers will take precedence over the creation of new propagation techniques. Whereas before, it was possible to think that a virus creator was actually original, nowadays the only conclusion that can be drawn is that they are just plain criminals.

The only new aspect, driven by the need for faster returns, is an increase in the number of attack channels. The simple concept of a worm (code that only multiplies via email) will be replaced by more complex worms which have Trojans built into them, making up an important part of the code itself.

Today, the objective is not just to make the code reproduce for its own sake, but to stay in as many computers as possible in order to create ‘botnets’, networks of ‘zombie’ computers controlled by hackers. These networks can be used to launch denial of service attacks or simply to reach new heights in cyber-crime: IT blackmail. Basically, computers hijacked by malicious code are used to send out massive amounts of email. Spammers mask their true identity by launching the mail from a computer other than the one used by the spammer, as it is extremely difficult to discover the real source of the mail. To make matters worse, all complaints will be directed at the unfortunate victim whose computer has been hijacked.

One good indication of the increase of malware used to hijack PCs is the increase in the number of ‘bots’ PandaLabs has detected. In 2004, Panda Software solutions detected 1,200 percent more bots than in 2003. If the trend continues, 2005 could be a tough year.

In 2005, just as in 2004, attempts to crash web servers of large companies may well continue. These servers won’t just be the targets of attacks, but those that are not properly secured will also be used to launch attacks on clients that connect to them. By exploiting vulnerabilities, servers that have not been updated could be used to launch scripts, applets or simply malicious code on PCs when they connect to the infected sites.

In 2004, virus creators searched for new ways of exploiting vulnerabilities in Internet browsers. The tendency will continue in 2005, but will spread to applications other than just Windows/Internet Explorer. Other browsers (Mozilla, Opera) and other operating systems (Linux, Mac, Symbian) will also be in the line of fire for these ‘researchers’. Will they get what they want by exploiting these vulnerabilities? I would imagine that there is really not enough incentive to attack something that isn’t Microsoft. It is the company they all aim to destroy, even though other systems also have errors and vulnerabilities to exploit, so hackers will once again have the company’s products in their sights.

This coming year will be the year of the roamer. Among the different technologies there won’t be a clear leader, as Bluetooth, Wi-Fi and 3G will divide up the mobile technology world, each operating in its own sector. Attacks on each of the wireless communication media will be practically the same. Remember that these are technologies for transporting data, which means transporting code, which means transporting viruses. The real impact will be felt on the operating systems installed in each computer, and these systems are quite secure. ‘Cabir’ was really a conceptual trial to demonstrate that these devices can be infected with worms. Nevertheless, not everyone agrees that this virus depends on a slack configuration of a Bluetooth connection in specific versions of Symbian.

We can learn from the Klez.I virus: it spread widely because users didn’t update or properly configure Internet Explorer, and it stayed around as the most frequently detected virus for some time. New viruses for mobile devices will appear, that’s for sure, and those devices that are not sufficiently secure will become infected, but not because of wireless technology or the devices in themselves, but because some users are not adequately informed and because there is an overdose of technology in devices that exceeds the users’ ability to fully understand them.

To summarize, 2005 will be as insecure as users want. With normal security measures and adequate training a large percentage of malware will be blocked. The rest will be taken care of by the new preventive technologies.

We will surely come up against viruses as fast as SQLSlammer, as prolific as Netsky, as damaging as Loveletter, everything you care to imagine. But the solutions are there to protect you. All you have to do is use them.
