Last year saw crimeware writers turn old school and utilise parasitic viruses with a pecuniary mission such as Grum, Virut, and Almanahe, McAfee technical sales director, Michael Santonas, said. Variants of an older parasitic threat, Philis, multiplied 400 per cent, while 400 variants of newcomer, Fujacks, were catalogued. McAfee expects a continued interest in parasite activity, with overall parasitic malware expected to grow 20 per cent in 2008, he said.
DO YOU COME HERE OFTEN?
A report on the Reuters wire service in December alleged that a Russian company had created an online flirting bot called CyberLover, which trawled online dating websites to 'flirt' with unsuspecting women and potentially steal their personal details. Security vendor, PC Tools, told Reuters the Russian pillow-talking bot could be hitting an online chat or dating website near you. According to PC Tools, CyberLover's artificial intelligence is convincing enough that users have trouble distinguishing the bot from the genuinely amorous. Even though the slick chat it employs means it can establish 20 'relationships' an hour, the romance could turn serious, the vendor warned.
"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," PC Tools senior analyst, Sergei Shevchenko, said. CyberLover compiles name, contact information and photos on every person it 'meets', and can encourage the smitten or curious to visit its own 'personal' website - offering the potential for more serious malware attacks to be launched.
Shevchenko said the program can monitor Internet browser activity, automatically recognise and fill in the fields in the Web pages, generate keystrokes and mouse clicks, and post messages, URLs, files and photos.
Allegedly, though, the Russian company that invented CyberLover said it was not created to commit fraud but as a legitimate tool for online interaction.
Various news reports at the time claimed CyberLover would launch worldwide in February. Sadly, ARN didn't get to meet CyberLover: the website, www.cyberlover.ru, was offline.
Nicholson said rootkits had grown into an issue of their own, largely due to a paucity of quality rootkit solutions, especially within Internet security packages. "Keyloggers and things like that, link into identity theft," she said. "So you're still getting traditional malware but the actual payload is more fraudulent."
Gartner security analyst, Andrew Walls, said today's malware creators aren't as interested in simply taking a machine offline. Instead, smart cyber criminals want their malware to work undetected in the background and are trying to lift specific information, such as personal data. In some ways, he suggested, such attacks could be getting easier as increasing automation of systems meant fewer human eyeballs were monitoring any given network or machine for aberrant behaviour.
Sophos Endpoint Security and Control 7.0 includes a rootkit detection module. Resellers should check their solution of choice has something of the sort, Nicholson said. Resellers should also assess service response time to unpredictable attacks and whether a vendor had strong local support and their own technology, she said.
05 APPLICATION BASED THREATS
Gartner's Walls said 2008 would see more emphasis on threats targeting the application, rather than the operating system. Although Microsoft's latest operating system, Vista, is likely - like previous iterations of the Windows platform - to act as a honeypot for myriad attacks as adoption rises, more hackers and crackers are going to seek a way into the PC via specific applications - like instant messaging or VoIP. McAfee's Santonas said Vista remains a focus for risk regardless of Microsoft's efforts to boost the operating system's security. "There were more vulnerabilities discovered in the first few months of release than in the first nine months of XP," he said. "Some of those vulnerabilities might not be as critical but it gives you an indication of vulnerability."
Trend Micro's May said the move to virtualisation also raised questions around protecting virtual applications and machines. He said products around this issue would soon be announced.
Cisco's Bradley said most people focusing on data leakage had looked at endpoint security. Products such as Network Access Control (NAC), and Trend Micro's Endpoint Security and OfficeScan help. However, resellers needed to look at more network-centric solutions for the best possible response to application-based threats, Bradley said.
"You need to look at protecting the applications themselves," he said.
Resellers need to skill up to tackle the multiplicity of threats and threat vectors - with an eye to the actual targeting of applications. Gone are the days when a reseller could get by bundling in an Internet security package in a deployment, he said. "Resellers have tended to have a data-center team, a security team, a networking team - all these silos of information. You've got to get them to share knowledge [to tackle the modern security challenges]," Bradley said.