Bangkok--23 Apr--Core & Peak
Medium: We will be seeing more and more malware abusing Web 2.0 features, technologies and culture.
We are still seeing now-antiquated propagation techniques such as file piggybacking, email, removable drives, peer-to-peer and instant messaging being used this year. This trend will continue as malware writers fully realize the potential of Web 2.0 for propagation.
Hackers will use techniques that very closely resemble normal code. IFRAMEs, for instance, have been around for years and were used for various legitimate ends before hackers started using them to distribute malware. In addition, hackers will continue to use Internet browsers and other web-enabled applications (such as Flash and streaming media players, among others) as the infection vector of choice. The release of Google Chrome, the upcoming official release of IE8, and the rise of browser-as-a-platform applications (e.g., Microsoft Silverlight and Adobe Integrated Runtime) will serve as new avenues ripe for exploitation.
Taking a page from STORM's book, cybercriminals will create new threat models and architectures in their continuous effort to make a profit. Expect botnets and attacks similar to the likes of FAKEAV and MEBROOT to flourish in 2009. Threat models will join the "in-the-cloud" bandwagon, with cybercriminals setting their sights on software and services that offer such features (e.g., Microsoft Azure).
Malware: We will be seeing three areas of advancement in malware-related technologies: (1) AV detection evasion, (2) malware persistence, and (3) overall malware complexity.
Malware writers have been using packers, cryptors and obfuscators to avoid detection. The antivirus industry quickly responded to this challenge by employing more aggressive detection rules, advanced technologies and frequent updates. Bad guys have no choice but to fight back by releasing numerous variations of their malware at high frequency, making the window of exposure for every released piece of malware shorter. We might actually see more malware families but fewer variants, which makes it difficult for AV companies to create heuristic/generic patterns to detect them.
Alongside this high release frequency come other techniques, such as terminating antivirus software, terminating built-in and third-party utilities, disabling the registry editor, command prompt, Task Manager and Windows Update, and creating numerous copies of the malware in various folders and drives. Infamous USB malware such as PE_LUDER and WORM_HUPIGON are notorious for their ability to survive manual and even automatic cleanup attempts.
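The lockouts described above (registry editor, Task Manager, command prompt, Windows Update) are normally applied through well-known Windows policy values, so a responder can audit a suspect machine for them. The following PowerShell script is an added example, not code from the article or from the vendor it quotes; it assumes an elevated session on the machine being examined and that the machine is not managed by Group Policy, where some of these values may be set legitimately.

```powershell
# Added example (not from the article): audit the Windows policy values that
# user-lockout malware typically sets. A non-zero value means the tool is
# disabled. On a domain-managed machine compare against the expected GPO first.

$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Tool = 'Registry Editor' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';       Tool = 'Task Manager' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                 Name = 'DisableCMD';          Tool = 'Command Prompt' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';      Name = 'NoAutoUpdate';        Tool = 'Windows Update' }
)

function Get-LockoutPolicyFindings {
    foreach ($c in $checks) {
        $value = $null
        if (Test-Path $c.Path) {
            # Missing value -> $null; SilentlyContinue avoids an error when the name is absent
            $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        }
        [pscustomobject]@{
            Tool       = $c.Tool
            Key        = $c.Path
            Value      = $c.Name
            Setting    = $value
            Suspicious = ($null -ne $value -and $value -ne 0)
        }
    }
}

# Print one row per lockout control; anything flagged Suspicious deserves a closer look,
# together with the usual checks for autostart entries and copies of the sample on each drive.
Get-LockoutPolicyFindings | Format-Table -AutoSize
```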
Rootkit technology has also come a long way. The most recent rootkit techniques, although not as advanced as Joanna Rutkowska's Blue Pill, manage to hide malware effectively from most rootkit and AV scanners.
Threats exploiting bugs on "alternative" operating systems will persist, especially with the growing popularity of Mac and Linux (the latter because of the booming netbook market).
Microsoft will still be a favorite target of malware authors, though, and with the release of Windows 7 in 2009, cybercriminals will definitely make efforts to debunk any claims that the new Windows will be "virus-free." Proof-of-concept malware will take advantage of Microsoft Surface, and as mentioned earlier, threats will also exploit Silverlight and Azure.
Motives: Still all about the money.
Malware writers, undetection vendors, spammers, phishers, and carders will continue to operate around the concept of monetary gain.
Cybercriminals will continue to take advantage of events, celebrities, and political figures, among others, as social engineering bait. US election-related malware will continue until (and after) the president-elect steps into the Oval Office in January, while gamers anticipating the upcoming releases of Starcraft 2 and WoW: Wrath of the Lich King should also be wary. Even the global financial crisis will be taken advantage of, given that the threat landscape is a money-motivated business to begin with and that the crisis is an issue that has piqued almost everyone's interest.
Mobile devices are the lowest-hanging fruit for cybercriminals, and they will be ripe for picking in 2009. We will see more threats make money out of mobile technologies. And as mobile phones and other handheld devices become more and more interconnected with their desktop counterparts, expect more threats to attempt to "cross over" between machines and devices via common application platforms (e.g., .NET, Java, etc.).
Furthermore, spam volume has risen consistently over the years and will continue to do so in 2009. The United States will continue to be the country that sends out the most spam, while Europe will remain the most spammed continent.