Botnets, the Storm worm and attacks in virtual worlds are among the internet nasties listed as the top online security threats for 2008, according to various security vendors.
Fortinet’s latest forecast report highlights web pages containing malicious code as the worst threat of 2007. The company reports web-based threats achieved infection rates of more than 12 percent, while spam-based malware infection rates were less than one in 10,000.
Australia and New Zealand regional director Charlie Cote says web-based threats have emerged because of the greater use of Web 2.0 and the more sophisticated techniques employed by hackers.
“Hackers are now using search engines to guide users to malicious websites. I won’t name sites, but all the major search engines have been affected. Hackers are feeding dummy results into search engines and these are pointing back to dangerous web pages.”
Cote says these types of threats will become even more sophisticated.
“Because of the evolution of the internet there is a huge challenge to stay one step ahead of the hackers. It’s also becoming more difficult to identify malicious web pages. My advice is that the top five to 10 search results are more likely to be legitimate than ones that appear later on.”
Botnets have emerged as the number-one IT security threat according to Marshal Software.
Social networking websites, virtualisation, spam/phishing and data leakage round out the Auckland-based security vendor’s top five list of threats. Vice-president of products Bradley Anstis says the continued success of the Storm botnet is a case in point.
“Already many comparisons are being made between Storm and collaborative computing and the damage that so much computing power could cause. The botnet operators now know how to be successful, so we will see many more Storm-like attempts in the next 12 months.”
To address these new variations, Anstis says vendors must not rely on just one method of detection, but provide a multi-layered approach that stops the botnet at all levels and stages, from installation through to the chatter in traffic generated when it is active.
“The massive growth in popularity of sites like Facebook and LinkedIn, as well as the share sites like YouTube, are a big target for malware and will continue to be. The reason for this is that user suspicion levels are lower when accessing familiar sites such as these and, typically, will open messages purporting to be from the sites.”
Turning to virtualisation, he says many companies are running or have run projects to consolidate their server infrastructure.
“The next target for many is the security infrastructure. At present there are few vulnerabilities known. Though with the increasing reliance on virtualisation, no matter which technology, the attackers will begin to target and probe for vulnerabilities.”
Meanwhile, malicious activity within virtual worlds such as Second Life will be a threat for 2008, according to Symantec.
“Virtual worlds often serve as environments in which numerous online users interact in massive, multiplayer online games,” says Symantec New Zealand systems engineer Rogan Mallon.
Symantec predicts attackers will use virtual worlds and online games, such as World of Warcraft, to trick victims into installing malicious software under the pretence that it improves functionality in the virtual world.
“For example, virtual worlds have embraced the concept of scripted bots that serve, entertain, and protect avatars within the virtual environment.”
Mallon agrees that malicious web pages and botnets are a big danger.
“Botnets go hand in hand with spam because spam is used as a trigger to install botnets onto your computer. We are also concerned that legitimate websites are being compromised by malicious codes.”
Like Anstis, AVG Australia and New Zealand marketing manager Lloyd Borrett says web exploits and web-based social engineering attacks will be big. He agrees that malicious web pages are a problem.
“This is no longer kids hacking for kicks, but criminals who are making money from these attacks. The problem is that Web 2.0 is making it easier to create more sophisticated threats and it’s no longer viable to have a list of safe web pages because those pages can be compromised too. Pieces of Storm are being sold to the bad guys as well, so we expect attacks across multiple platforms.”
On the flipside, Borrett says there is a big opportunity for resellers.
“They can help their customers stay safe by making sure they have the most up to date protection, plus the resellers make good revenue from security.”
He adds AVG is making a report function available with its security software that will allow users to report back on threats to assist its software research and development.