In its “Top Ten Security Predictions for 2008,” McAfee foresees the growth of virtualization opening up a huge attack surface. On the good-news side, the security vendor expects there will be less adware on the Internet to worry about.
McAfee’s list comes in the wake of archrival Symantec this week predicting its top five security threats for next year. Craig Schmugar and Dave Marcus, researchers at McAfee’s Avert Labs, shared this list:
— Web 2.0 . Web-based social-networking sites, hosted applications, wikis and the like are way ahead in function but behind in security, according to McAfee. Active sites will continue to be victims of crosssite scripting attacks and malware exploits.
— Botnets. These are going to be Artful Dodgers, following the style of the largest botnet around today, Storm, “which radically changes its methods over time,” Schmugar says.
— Instant messaging/instant malware. On the horizon is a “self-executing IM worm,” Schmugar predicts.
— Online games. Password-stealing Trojans have emerged as a new type of threat to millions of game players.
— Microsoft ‘s Vista software. Has it seemed fairly quiet on the security front since Microsoft shipped Vista last year? McAfee says that quiet period is coming to an end, now that the installed base is growing slowly to 10% of Windows users.
— Decline of adware. “The government, such as the Federal Trade Commission, has been successful fighting against it,” Marcus says.
— Phishing. Attackers are not going just after the larger targets, such as PayPal and eBay, and the big banks. Phishing is now ubiquitous, hitting MySpace users and any online Web site imaginable.
— Parasitics. Though not a wholly new category of malware, parasitics — which look for a specific file on your system into which they embed themselves and then spread, rather than just make a copy of themselves — are having a renaissance.
— Virtualization. To McAfee, the spread of virtualization into the enterprise widens the potential attack surface. “You’re opening up the exposure plane,” Marcus argues.
— VoIP. As VoIP acceptance grows, there also will be growth in VoIP phishing attacks and hacking into networks to resell VoIP minutes.