McAfee Predicts Top 10 Security Threats for 2007

Malware, phishing sites, more spam, mobile phone attacks and hackers targeting video all predicted


McAfee today announced its top 10 predictions for security threats in 2007 from McAfee Avert Labs. According to McAfee Avert Labs data, with more than 217,000 various types of known threats and thousands more as yet unidentified, it is clear that malware is increasingly being released by professional and organized criminals.

In no particular order, McAfee Avert Labs' top 10 security threats for 2007 are:

1. The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay.
2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
3. The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
4. Mobile phone attacks will become more prevalent as mobile devices become "smarter" and more connected.
5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs).
6. Identity theft and data loss will continue to be a public issue - at the root of these crimes is often computer theft, loss of back-ups and compromised information systems.
7. The use of bots, computer programs that perform automated tasks, will increase as a tool favored by hackers.
8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.
9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well.
10. Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities.

"Within a short period of time, computers have become an intrinsic and essential part of everyday life, and as a result there is a huge potential for monetary gains by malware writers," said Jeff Green, senior vice president of McAfee Avert Labs and product development. "As we see sophisticated techniques on the rise, it's becoming increasingly hard for the general user base to identify or avoid malware infections."

Today, McAfee researchers are seeing evidence of the rise of professional and organized crime in malware creation, whereby development teams are creating malicious software, testing it and automating its production and release. Sophisticated techniques such as polymorphism, the recurrence of parasitic infectors, rootkits, and automated systems with cycling encryption releasing new builds are becoming more prevalent. Furthermore, threats are being packed or encrypted to disguise their malicious purpose on a more rapid and complex scale.

In July 2006, McAfee announced that it officially released protection for the 200,000th threat in its database. Since January 1, 2006, McAfee has added approximately 50,000 new threats to its database and is on track to exceed 225,000 new threats by the end of the year. Given current trends, McAfee expects the 300,000th threat to be identified by the end of 2007, demonstrating its growth potential.