Research: Web, Windows Vista Threats To Rise While Adware Declines In 2008 -- Security Today

Research: Web, Windows Vista Threats To Rise While Adware Declines In 2008

Nov 16, 2007

McAfee Inc. recently released its Top 10 predictions for security threats in 2008. Researchers at McAfee Avert Labs expect an increase in Web dangers and threats targeting Microsoft Corp.'s Windows Vista operating system, among other new or increased threats. At the same time ad-serving software known as adware is expected to continue to decrease.

"Threats are increasingly moving to the Web and migrating to newer technologies such as VoIP and instant messaging," said Jeff Green, senior vice president of McAfee Avert Labs and product development. "Professional and organized criminals continue to drive a lot of the malicious activity. As they become increasingly sophisticated, it is more important than ever to be aware and secure when traversing the Web."

McAfee Avert Labs' Top 10 security threats for 2008:

Bull's Eye on Web 2.0. Compromises and malware at Salesforce.com, Monster.com and MySpace, among others, represent a new trend in attacking online applications and social networking sites. Attackers are using Web 2.0 sites as a way to distribute malware and are data mining the Web, looking for information people share to give their attacks more authenticity. McAfee Avert Labs expects a large increase in this activity in 2008.

Botnets Follow The Storm. With a handful of high-profile prosecutions of bot herders in 2007, criminals will be seeking better ways to cover their tracks. The Storm Worm set a worrying precedent. Also known as Nuwar, the Storm Worm has been the most versatile malware on record. The creators released thousands of variants and changed coding techniques, infection methods and social engineering schemes far more than any other threat in history. Storm created the largest peer-to-peer botnet ever. McAfee Avert Labs expects others will ride the coattails of that questionable success, pushing up the number of PCs turned into bots. Bots are computer programs that give cyber crooks full control over PCs. Bot programs typically get installed surreptitiously on the PCs of unknowing computer users.

IM = Instant Malware. The scenario of a "flash" worm via instant messaging applications has been foreshadowed for years. This threat could reach millions of users around the globe in a matter of seconds. There has been malware that spreads via IM, but we have yet to see such a self-executing threat. However, this may be closer than ever as the number of vulnerabilities in popular instant messaging applications more than doubled in 2007 compared to 2006. More importantly, there were 10 high-severity risks in 2007, compared to none in 2006. Additionally, the top IM virus families of 2005 and 2006 were replaced with new active threats, signifying an out with the old and in with the new milestone. Skype saw its first batch of worms in 2007. Many more are expected to follow.

Target: Online Gaming. The threat to virtual economies is outpacing the growth of the threat to the real economy. As virtual objects continue to gain real value, more attackers will look to capitalize on this. The evidence is already there. The number of password-stealing Trojans that targeted online games in 2007 grew faster than the number of Trojans that target banks.

Vista Joins The Party. In 2008, Windows Vista is set to gain additional market share and cross the 10 percent barrier. The release of Service Pack 1 for Vista is also likely to accelerate the adoption of the Microsoft operating system. As Vista becomes more prevalent, attackers and malware authors will start in earnest to explore ways to circumvent the operating system's defenses. There were 19 Vista vulnerabilities reported since its release earlier this year. McAfee Avert Labs expect a lot more Vista vulnerabilities to be reported in 2008.

Adware Continues Its Decline. The government crackdown against purveyors of ad-serving software has had a positive effect. The combination of lawsuits, better defenses, and the negative connotation associated with this form of advertising helped start the decline of adware in 2006. This trend was confirmed in 2007 and with the major players out of the game, adware is expected to continue its decline in 2008.

Phishers Catch A Wider Net. Cybercrooks will increasingly target smaller, less-popular sites with data-thieving phishing scams. It has become tougher and riskier to target top-tier sites as the big-name brands are responding more quickly and providing increased security. Knowing that a large percentage of people reuse their usernames and passwords, less popular sites are likely to be targeted more frequently than before, giving criminals the same access.

Parasitic Crimeware Takes Root. Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. While crimeware was storming ahead in recent years, parasitic malware faded to the background. In 2007 several crimeware authors turned old school to deliver threats like Grum, Virut, and Almanahe; parasitic viruses with a monetary mission. The number of variants of an older parasitic threat, Philis, grew by more than 400 percent, while over 400 variants of a newcomer, Fujacks, were cataloged. McAfee Avert Labs expect a continued interest in parasitics from the crimeware community, with overall parasitic malware expected to grow by 20 percent in 2008.

Virtualization Transforms Information Security. Security vendors will embrace virtualization to create new, more resilient defenses. Today's complex threats will be easily defeated, but researchers, professional hackers, and malware authors will begin looking at ways to circumvent the new defensive technology, continuing the classic game of cat and mouse.

VoIP Attacks To Rise 50 Percent. Already this year, more than double the number of security vulnerabilities have been reported in Voice over IP applications, compared to all of 2006. We have also seen several high-profile "Vishing" attacks and a "phreaking" conviction. It is clear that VoIP threats have arrived and there's no sign of a slow down. The technology is still new and defense strategies are lagging. McAfee Avert Labs expects a 50 percent increase in VoIP-related threats in 2008.

i-PRO Certified as a 2025 Great Place to Work Around the World
11/20/2025
Allied Universal Named to Forbes List of America’s Best Companies
11/19/2025
Motorola Solutions Acquires Blue Eye
11/19/2025
SIA Names Jonathan Aguila as 2025 Insightful Practitioner Award Honoree
11/13/2025
Allied Universal Receives Top 50 Learning and Development Team Award
11/13/2025
PSA Network Joins the Foundation for Advancing Security Talent (FAST) as an Exclusive Member
11/12/2025
IPTECHVIEW Launches AI Orchestrator Cloud Video Management Platform
11/12/2025
barox Appoints Industry Veteran Reinhard Florin as Vice President of North America Sales
11/06/2025

Featured

The Evolution of IP Camera Intelligence

As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now
- IP Video
From Surveillance to Intelligence

Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now
Cost: Reactive vs. Proactive Security

Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now
- Facility Security
Achieving Clear Audio

In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now
- Facility Security
Beyond Apps: Access Control for Today’s Residents

The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now
- Access Control

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
Connect ONE®

Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.