Knocking off the nasties

UP TO SPEED Resellers need to be up to speed on key areas including blended threats, phishing emails that lead to URLs and the continual reinvention of spam. Cullen highlighted three types: stock spam (effectively untraceable), image spam (using animated gifs) and botnets (mass-production). "We saw the evolution of image spam techniques throughout the year, whereby the hackers hide contents in an image," he said. "The Botnet herder is a big job in the cybercrime community." People can oversee the act of managing a botnet and sell the virtual network for about $100 per hour.

McAfee regional business director, Gavin Struthers, claimed the vendor saw 2000-3000 new pieces of malware a week. Sophisticated techniques such as polymorphism, the recurrence of parasitic infectors, root-kits, and automated systems with cycling encryption releasing new builds are becoming more prevalent.

"Threats are being packed or encrypted to disguise their malicious purpose on a more rapid and complex scale," he said.

While bots were on the rise, Struthers said computer programs that perform automated tasks would move away from Internet Relay Chat (IRC)-based communication mechanisms and towards less obtrusive ones.

Work-at-home jobs, or "mules", will also continue to be an important aspect in bot-related money making schemes. These offers are typically promoted with professional-looking websites, classified ads and via instant messaging.

The popularity of video on the Web is another area which could become a target for hackers, Struthers said. The increasing use of video formats on social networking sites such as MySpace, YouTube and VideoCodeZone will attract malware writers seeking to easily permeate a wide network.

"Unlike situations involving email attachments, most users will open media files without hesitation," he said.

CROSS POLLINATION Sophos Asia-Pacific managing director, Rob Forsyth, said new threats were emerging at the end point as all manner of mobile devices became wedged into our culture. He claimed there was more risk of cross-contamination. The rise of bluejacking (anonymous, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops) and bluesnafing (theft of data from a Bluetooth phone) are prime examples.

Sophos has rolled out genotyping this year as a way of keeping up with new security threats. The technology has been used to identify an increasingly large number of viruses and other malware by digging deeper and studying specific behaviour characteristics. "If something looks bad and smells bad, you don't need to eat it to determine that it's bad," Forsyth said.

The rise of rootkits also took shape this year, and is another danger for 2007, according to Avalanche's Bridwell. Rootkits are files or system code that attempt to insert themselves deeply within the OS through stealth technologies. Once there, they are difficult, if not impossible, to detect.

"Once installed and in place rootkits give their controller the same privileges as an administrator over the system. Another item to consider is that rootkits will most likely be bundled with bots and botnets," he said.