100 000 new viruses in 2007

Security group McAfee recorded more than 100 000 new viruses and Trojans this year and is expecting the threat landscape to continue to expand.

McAfee Avert Labs` new report, "Top 10 Threat Predictions for 2008", forecasts the proliferation of various threats following an explosion in the use of new technology, such as voice over Internet Protocol (VOIP) and Web 2.0.

A positive prediction in the report is a further 30% decline in adware next year. This McAfee attributes to a combination of lawsuits, better defences and negativity surrounding advertising through this medium. In addition, major players such as Direct Revenue and Claria are no longer participating.

On the negative side, the group also predicts a large increase in the number of attacks on Web 2.0 sites as a way to distribute malware. Compromises and malware at Salesforce.com, Monster.com and MySpace, among others, represent a new trend in attacking online applications and social networking sites, according to the report.

VOIP is another area highlighted in the report, with a prediction that attacks in this area should increase 50% next year.

"More than twice the number of VOIP-related vulnerabilities were reported in 2007, versus the previous year - several high-profile 'vishing` attacks, and a criminal phreaking (or fraud) conviction - so it`s clear that VOIP threats have arrived and there`s no sign of a slowdown," the report says.

"Threats are moving to the Web and newer technologies such as VOIP and instant messaging," says Chris van Niekerk, McAfee`s regional director for Africa. "Professional and organised criminals continue to drive a lot of the malicious activity. As they become increasingly sophisticated, it is more important than ever to be aware and secure when traversing the Web."

The report says researchers have for several years been warning of the risk of a self-executing instant messaging (IM) worm.

"This threat could spawn millions of users and circle the globe in a matter of seconds," it says. "Although IM malware has existed for years, we have yet to see such a self-executing threat. While it`s anyone`s guess exactly when this threat will emerge, the stars may be starting to align."

It says the US`s National Vulnerability Database reports more than twice the number of AIM, YIM and MSN Messenger vulnerabilities in 2007 over the previous year.

"More important, there were 10 high-severity risks in 2007, compared with zero in 2006. Additionally, the top IM virus families of 2005 and 2006 were replaced with new active threats, signifying an 'out with the old and in with the new` milestone."

According to the report, Skype, with almost a quarter-billion users, experienced its first batch of worms this year, with many more expected to follow.

The report points out that while Microsoft`s Windows Vista operating system had a market share of less than 10% this year, the adoption rate is likely to accelerate next year. At the same time, professional attackers and malware authors may explore ways to circumvent the operating system`s defences.