Upcoming Malware Threats and Dangers

A quick peek at what malware creators have in store for the coming months
January 2009
by Robin Wark

After having success the past few years, in 2009 malware writers and other online criminals will likely look to tweak what has worked for them. Also, don’t expect the levels of viruses, spyware, adware, phishing schemes to drop this year.

"The downturn in the economy spurs an increase in malware in general," said ParetoLogic computer security analyst Jean Taggart, who co-authors the informative Malware Diaries blog. "Desperate measures for desperate times."

Some of the things Taggart and other online security experts expect in 2009 are:


  • Smaller, more stealth botnets. Botnets are a network of “zombie” computers that, without their users’ permission, have been set up to forward on messages. They are most often used as spam or virus originators. Large scale attacks are often noticed quickly and updates for anti-virus software updated. However, smaller scale botnets can allow these systems to operate under the radar longer.
  • More attacks coming from websites. In July of 2008, there was reportedly more web-distributed malware than in all of 2007. This a trend that does not look like it will be changing anytime soon. As well, one web application security vendor predicted that this year more than 80 per cent of all malicious content will be hosted on sites with "good reputations."
  • Social network phishing. Facebook has surpassed 150 million users and MySpace has about 125 million. It only makes sense that the baddies want to prey upon these people. In these phishing attacks, they try to collect as much personal information as possible to then use for identity theft, fraud and to try to gain access to your accounts. These phishing attacks usually use sophisticated messages that prey upon people's high comfort levels with social networking sites. In December Twitter users were receiving emails that resembled what would come if they received a direct message. These messages included fake offers for iPhones and other technology gadgets. They included a link to a phony Twitter front page that asked the user to input their user name and password.
  • Rogue software will continue to thrive as Taggart said "the business model proves it works." Last year saw an increase in what is called scareware. These rogue scanners masquerade as anti-virus, anti-spyware or other applications. They claim that a user’s system is infected and require you to pay to fix the non-existent problem.
  • Compliant does not mean secure. The Payment Card Industry Data Security Standard has been developed and implemented, however that does not mean hackers will not be able to gain access to important information. Security experts predict this lesson will be driven home when a PCI DSS compliant financial institution suffers a major breach.

These are just some of the predictions for what will happen with malware in 2009. The key to protecting yourself is to be aware, follow safe surfing practices emphasizing common sense and install appropriate anti-virus protection on your PC and keep it updated.