Welcome to your top 10 security threats for 2007

by  Alan Zisman (c) 2006 First published in Business in Vancouver December 19-25, 2006; issue 895

High Tech Office column; 



With a database listing nearly a quarter of a million computer threats, security company McAfee is in a good position to comment on trends. Its prediction: 2007 will be the year when “hacking comes of age.”

A sober top 10 (in no particular order) for the new year:

• An increase in password-stealing websites: more websites featuring fake sign-ins to capture user log-in information. Especially sad, sites masquerading as charities, as we saw after 2005’s Hurricane Katrina.

As we’ve seen lately, spam – particularly messages embedded in graphics, will continue to deluge us, overwhelming text-focused spam filters. Currently, these messages are primarily for stock scams, pharmaceuticals and bogus degree-granting institutions. Image spam accounted for 10 per cent of all spam in 2005, but has risen to 40 per cent of the total now. As online video grows in popularity, it will attract increased hacker attention. Users have grown justifiably suspicious of e-mail attachments, but many will open online media files without hesitation, making these an increasingly attractive method for distributing malware. Worms and spyware started appearing late in 2006 hitching a ride on video files.

• Mobile phone attacks will grow in 2007. Increased use of smartphones with text messaging, instant messaging, Bluetooth connectivity and more will make them a popular way to spread infections, both between phones and between phones and PCs.

• We’ve seen the beginnings of what McAfee refers to as SmiSHing: phishing messages distributed via mobile phones’ SMS messaging.

• Other mobile phone scams appear to connect users to web pages but instead redirect users to premium rate pages, costing the user. Recent mobile malware monitors numbers called, SMS messages or listens in on phone conversations.

• On the darker side of spyware, the company reports that keyloggers, password-stealers, bots, backdoors and other malicious unwanted programs are on the rise. This will continue in 2007. With Windows Vista closing at least some of the gaping Windows vulnerabilities, malware authors are increasingly turning to techniques where users are tricked into “voluntarily” installing unwanted and often malicious programs.

• The company expects loss of personal information due to laptop thefts, and hacking to remain stable in 2007, but that these losses will be reported more often, creating the impression of a growing crisis in this area.

• The U.S. Federal Trade Commission estimates that 10 million Americans are victims of identity fraud each year; McAfee expects this number to be about the same next year.

• Late in 2006, we saw bots (computer programs performing automated tasks, often without the computer owners’ knowledge) playing a major role in the increase in spam late in the year. McAfee predicts more of the same for 2007, with bots increasingly used for money-making schemes ranging from spam transmission to hack attacks for hire.

• Expect a comeback for what McAfee refers to as “parasitic malware” – viruses that infect files on your computer so that when you run the previously benign file, the virus runs too.

• In 2006, Microsoft patched more vulnerabilities than in 2004 and 2005 combined.

McAfee expects this trend to continue, with an increased number of attacks timed to take advantage of Microsoft’s once-a-month patch schedule.