McAfee: More web-based threats in 2008

Security vendor McAfee has put together a list of what it believes will be the top tech security threats we'll face next year.

The researchers at McAfee's Avert Labs expect an increase in web dangers as well as, somewhat predictably, threats targeting Windows Vista.

IM and VoIP attacked

Interestingly, adware levels are expected to decrease as security software - including that integrated within Vista - clamps down on it.

"Threats are increasingly moving to the Web and migrating to newer technologies such as VoIP and instant messaging," says Jeff Green, senior vice president of McAfee Avert Labs. His team expects more attacks on social networking sites, as well as a growth in botnets. Other trends expected include a growth in attacks on online gamers and instant messaging apps.

Tech.co.uk spoke to Joe Telafici, Vice President of Operations at McAfee Avert Labs. Telafici is responsible for all the security content that McAfee produces, such as anti-virus and anti-spam signatures.

"If we're doing our job right consumers will never know we exist," Telafici says. "Our job is to be out there examining all the samples we get, analysing what's out there and turning it into content for our products."

So what's the current outlook for PC security? "The landscape has changed. It's much more about risk and reward," muses Telafici.

"Previously people robbed banks because that's where the money was. Today you can make as much money without anybody shooting at you. It's not that hard to do, there are a lot of machines on the internet and most of them contain data that's important to somebody."

Less 'big bang' security storms

But does he think people are less aware of security because of less 'big bang' security storms such as the Slammer virus?

"That's one of the things I'm actually pretty happy about," says Telafici. "I really expected that to be the case. If you'd told me the traditional mass outbreak was going to go away five years ago I would have worried a bit that people would be less aware.

"But there's enough [events in the news]. If you have a database of customer data in California, you have to say you've been hacked. And everyone sees phishing and spam emails every day now."

Telafici also told us about the improved framework for detection of cybercrime.

"There are a lot of good efforts going on in different parts of the world. It's a global problem. One of the encouraging things when I talk to people like [law agencies] in the US, the UK and Germany - they know each other, starting to see work between law enforcement agencies - just like there is between security vendors."

McAfee's top 10 security threats for 2008

Bull's Eye on Web 2.0
Compromises and malware at Salesforce.com, Monster.com and MySpace, represent a new trend in attacking online applications and social networking sites. Expect a large increase in this activity in 2008.

Botnets follow the Storm
The Storm Worm set a worrying precedent. The creators released thousands of variants and changed coding techniques, far more than any other threat in history. Others will ride the coattails of that questionable success, pushing up the number of PCs turned into bots.

IM = Instant Malware
The scenario of a "flash" worm via instant messaging applications has been foreshadowed for years. This threat may be closer than ever as the number of vulnerabilities in popular instant messaging applications doubled in 2007.

Target: Online Gaming
The number of password-stealing Trojans that targeted online games in 2007 grew faster than the number of Trojans that target banks.

Vista joins the party
In 2008, Windows Vista is set to gain additional market share and cross the 10 percent barrier. As Vista becomes more prevalent, attackers and malware authors will start in earnest to explore ways to circumvent the operating system's defences.

Adware continues its decline
The government crackdown against purveyors of ad-serving software has had a positive effect. With the major players out of the game, adware is expected to continue its decline in 2008.

Phishers catch a wider net
Cybercrooks will increasingly target smaller, less-popular sites with data-thieving phishing scams. It has become tougher and riskier to target top-tier sites as the big-name brands are responding more quickly and providing increased security.

Parasitic crime-ware takes root
Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. Expect a continued interest in parasites from the crime-ware community, with overall parasitic malware expected to grow by 20 percent in 2008.

Virtualization transforms information security
Researchers, professional hackers, and malware authors will begin looking at ways to circumvent new defensive technology, continuing the classic game of cat and mouse.

VoIP attacks to rise 50 percent
Already this year, more than double the number of security vulnerabilities have been reported in Voice over IP (Internet Protocol) applications, compared to all of 2006. Expect a 50 percent increase in VoIP-related threats in 2008.

Contributor

Dan (Twitter, Google+) is TechRadar's Former Deputy Editor and is now in charge at our sister site T3.com. Covering all things computing, internet and mobile he's a seasoned regular at major tech shows such as CES, IFA and Mobile World Congress. Dan has also been a tech expert for many outlets including BBC Radio 4, 5Live and the World Service, The Sun and ITV News.