MoMusings

Monday 27th February, 2006


2006 Malware Predictions

Filed under: All, Malware, Exploits, Hoaxes

One of the things I do each year is to analyse what has occurred in the ‘big-bad-internet’ aka the ‘wicked-wicked-web’. I focus on what the Bad Guys/Girls[TM] have been up to: the new platforms, techniques and technologies that they have used and abused during the previous year.

I then add all the data I have from the previous 20+ years of malware and related nastiness and try to predict what we may see in the coming year. This doesn’t include any predictions that might give the Bad Guys/Girls[TM] any new ideas that they haven’t already tried or at least discussed.

The last thing I want to happen is for me to give them something new to use, be it a technique, a technology they can abuse, or a new platform they can attack. These ‘potentially dangerous’ predictions will not be published. I do not want to be held responsible for suggesting new ideas.

So let me disclose some of the results of being ‘up-to-the-armpits’ in malware entrails, meditating on 419 and phishing scams, looking at the vast pits of daily SPAM, gazing into my virtual crystal ball and interpreting the malware runes.

Without further ado, let us see what 2006 may hold.


The Obvious Ones:

  • Phishing to continue to grow
    More scams using social engineering to dupe users into disclosing private or confidential information, or into performing a task such as running an attachment or deleting system files (user-initiated malware). More phishing scams will use malware such as key-loggers and backdoors to compromise and further exploit a victim’s system. We have already seen a move towards more targeted phishing and pharming.
  • Less mass-mailing worms
    We will actually see a fall in this method of distribution and an increase in the other, more stealthy and invisible methods used by share-crawling worms and bots instead. Unlike others, I don’t believe that the mass-mailing worm is quite dead yet; I give it at least another 12 months. Many anti-virus vendors predicted its death at the end of 2004.
  • Increased use of blended threats and multi-stage attacks
    More vectors, more exploits, more fragmented attacks.
  • Increased social-engineering use in malware
    Malware authors are well aware that most often the weakest link in a company’s security is the person behind the keyboard. Until users gain a healthy level of paranoia the problem will continue, and it may be used more often to defeat a company’s anti-malware defence. 2005 saw numerous examples of social engineering being used to get users to infect their own computers, fall for hoaxes, and disclose their personal and financial data to scammers and malware authors.
  • Increased Cyber Blackmail
    In 2006 I expect that this will also include the threat of infecting systems with new worms/viruses and more cyber-hostage malware. 2005 saw a number of cases of malware encrypting data and demanding a ransom. There were a number of high-profile DDoS attacks during the second half of 2005, and it seems that organised crime has moved its protection rackets into the digital world.
  • SPAM will continue to grow
    Despite the recent legislation passed in both the UK/EU and the US, and even allowing for the arrests and prosecutions of spammers in 2005, the increased risk of being caught will be offset by the growing use of botnets as spam proxies.


The Less Obvious Ones:

  • Increase in Spyware and Adware as a problem in the corporate space
    Many companies currently don’t realise that they have a problem. This is expected to be one of the major areas of growth in 2006, both from the malware/spyware/adware authors and security solutions to counter the threat. If you don’t believe me just ask the average home user.
  • Mobile malware will continue to grow
    I expect that it will follow the same pattern that we have seen in the past with both DOS and Windows malware; however, I expect that the timeframe will be significantly shorter.
  • Increasing use of rootkit and/or stealth/cloaking technology
    Use of this technology can effectively make malware almost invisible to most current anti-virus and anti-spyware tools. I also expect that we will start to see a growth in true polymorphic and stealth Windows malware as malware authors try to hide from anti-malware tools.
  • Bots and botnets will continue to be the tool of choice for cyber-criminals
    What we will see in 2006 is a further move away from using IRC for command and control, towards other methods such as web servers running SSL-encrypted command and control systems. We may also see encrypted peer-to-peer [P2P] networks created by bot/botnet creators as IRC server owners crack down on misuse of their servers. Furthermore, the increasing use of IPS/IDS to detect botnet IRC traffic will force the bad guys to move to encrypted protocols in an attempt to defeat these technologies.
  • Exploit code auctions to become common-place
    At the end of 2005 there was evidence that so-called zero-day exploit code was being offered for sale by authors. This was effectively an auction. It seems clear that this will become a common occurrence during 2006, as organised criminals look for new ways to gain access to targeted systems.
  • Broadening of Operating Systems and platforms being targeted
    It has become clear over the last few years that malware authors are increasingly looking at operating systems other than Windows. The amount of Linux malware is increasing steadily as they search for effective ways to target it. The same has been happening on the Apple Mac platform. We will see more, and increasingly complex and successful, malware for Linux and Mac operating systems during 2006.
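The botnet point above rests on a detection argument: an IDS can spot IRC command and control by its cleartext protocol verbs, and wrapping the channel in SSL takes that signal away. The following added example (not code from the original post) shows both halves of that argument. It runs a toy signature check over constructed connection samples, then falls back to a timing-based beaconing check for the traffic the signature engine cannot read. The IRC verb list, the TLS ClientHello header check, the sample flows and the 0.1 regularity threshold are all assumptions chosen for illustration, not values from the post.

```python
"""Toy IDS logic: cleartext IRC C2 signatures plus a beaconing fallback.

Added example, not part of the original post. All traffic samples below are
constructed by hand and do not come from any real capture.
"""
import re
import statistics
from dataclasses import dataclass
from typing import List, Optional, Sequence

# IRC verbs a client sends in the clear when it registers and joins a channel.
# Anchored to line starts so prose containing the word "join" does not match.
IRC_VERBS = re.compile(rb"^(NICK|USER|PASS|JOIN|PRIVMSG|MODE|PING|PONG) ", re.MULTILINE)


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first client->server bytes of the stream (constructed)


def looks_like_irc(payload: bytes) -> bool:
    """True when the payload starts lines with IRC protocol verbs."""
    return IRC_VERBS.search(payload) is not None


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), major version 0x03,
    two length bytes, then handshake type 0x01 (ClientHello)."""
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01)


def classify_flow(flow: Flow) -> str:
    """Content-based verdict for a single flow, independent of the port used."""
    if looks_like_irc(flow.payload):
        # Port-independent: IRC moved onto 80 or 443 is still readable.
        return "irc-c2-suspect"
    if looks_like_tls_client_hello(flow.payload):
        # The signature engine sees only a handshake; payload is opaque.
        return "encrypted-opaque"
    return "unclassified"


def beaconing_score(timestamps: Sequence[float]) -> Optional[float]:
    """Coefficient of variation of inter-connection gaps.
    Values near 0 mean machine-regular timing; None if too few samples."""
    if len(timestamps) < 3:
        return None
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return None
    return statistics.pstdev(gaps) / mean


def is_beaconing(timestamps: Sequence[float], max_cv: float = 0.1) -> bool:
    """Fallback for opaque flows: flag hosts that call home on a fixed schedule.
    The 0.1 threshold is an illustrative assumption, not a tuned value."""
    score = beaconing_score(timestamps)
    return score is not None and score <= max_cv


# Constructed samples: IRC on its usual port, IRC hidden on port 80,
# a TLS ClientHello on 443, and an ordinary HTTP request.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.0.5", "203.0.113.10", 6667, b"NICK bot-4a1f\r\nUSER x 0 * :x\r\nJOIN #ctrl\r\n"),
    Flow("10.0.0.7", "203.0.113.10", 80, b"PASS s3cret\r\nNICK bot-9c22\r\nJOIN #ctrl\r\n"),
    Flow("10.0.0.9", "203.0.113.20", 443, bytes.fromhex("160301004a01000046") + b"\x00" * 42),
    Flow("10.0.0.9", "203.0.113.20", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

# Constructed connection times (seconds) from 10.0.0.9 to 203.0.113.20:443.
REGULAR_TIMESTAMPS = [0, 300, 601, 899, 1200, 1499]      # every ~5 minutes
IRREGULAR_TIMESTAMPS = [0, 40, 500, 530, 2000]           # human-paced browsing


def classify_flows(flows: Sequence[Flow] = SAMPLE_FLOWS) -> List[str]:
    """Verdict per flow, in input order."""
    return [classify_flow(f) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, classify_flows()):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {verdict}")
    print("opaque host beaconing (regular):  ", is_beaconing(REGULAR_TIMESTAMPS))
    print("opaque host beaconing (irregular):", is_beaconing(IRREGULAR_TIMESTAMPS))
```

The two IRC flows are caught regardless of destination port, which is why moving IRC off 6667 buys the bot nothing against payload inspection. The TLS flow yields no signature hit at all, so the only handle left is metadata such as the regularity of its connections; that is the trade the post predicts encrypted C2 will force on defenders.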

Agree or disagree with these? Have your own predictions? If so, that’s what the comments function is for, use it. ;-)


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.
