Security company AVG has published its analysis of 2007's top viruses, Internet hacks and exploits, and reveals its forecast for the top security threats facing computer users in 2008.
According to the team, viruses made up 15% of the threat landscape in 2007, consistent with the company's predictions at the end of 2006. Phishing scams, backdoor worms, Trojans, keyloggers, spyware, adware and other Web-based exploits comprised the majority of threats.
Top 10 viruses for 2007
According to AVG global security strategist Larry Bridwell, the 10 viruses exhibiting the most staying power in 2007 are:
1. W32/Detnat
2. W32/Netsky
3. W32/Mytob
4. W32/Bagle
5. W32/MyWife
6. W32/Virut
7. W32/Zafi
8. W32/MyDoom
9. W32/Lovegate
10. W32/Bagz
"The anti-virus industry has been in a transition period the past two to three years, as malware has morphed from simple viruses to complex malicious Web site hacks that combine exploits and social engineering to scam unsuspecting users of their data," says Bridwell.
"2007 was the year that cyber-criminals began to seriously employ exploits and social engineering attacks to undermine the trusted Web," adds AVG CTO Karel Obluk.
"We expect the bad guys to leverage the knowledge gained this year to wage larger scale attacks using a wide range of malware tools. The real danger is that these attacks will begin to impact the growth of search engine and social networking use."
Top 10 Web exploits
Drawing on research gained through its recent acquisition of Exploit Prevention Labs, AVG identified the following as the top 10 Web exploits of 2007:
1. Super Bowl/Dolphins Web site drive-by download hack (February).
2. Google AdWords reroute via malicious site (April).
3. Google Bait & Switch keyword site exploit servers (July).
4. Bank of India Web site drive-by download hack (August).
5. Storm Trojan fakes YouTube links through phishing and fake codecs (August).
6. .Gov hacks cause government Web sites to serve porn, malware, and fake anti-spyware (September).
7. Facebook banner ads used to distribute adware-driven exploits (September).
8. Alicia Keys/MySpace hack deliver behind-the-scenes drive-by exploits (November).
9. MLB and NHL.com malicious banner ads hijack user sessions, push malware (November).
10. Monster.com hack feeds exploits to jobseekers (November).
Roger Thompson, chief research officer at AVG, says: "In 2008, Internet users are likely to see more sophisticated attacks as organised cyber-criminals step up their efforts to steal digital assets from social networking site users. Social networks are particularly vulnerable because they rely heavily on hyperlinked content, information sharing and the trust of their participants."
2008 predictions
Five major areas of continued or increased risk for Internet users in the coming year have been identified by AVG.
1. Web exploits and Web-based social engineering attacks: "Viruses will continue to be a threat, but we'll also see an explosion of exploits through social engineering and Web 2.0 attacks in 2008," says Thompson.
2. Storm Worm on the rise: "Storm is here to stay," says Obluk. "We're seeing pieces of Storm sold off to the bad guys and we expect orchestrated attacks across multiple platforms."
3. E-mail-propagated viruses: "Many novice users remain unaware of e-mail security issues and continue to open attachments from senders they do not know or click on unsafe hyperlinks," explains Thompson.
4. Web exploits targeting trusted Web sites: "Today's cyber-criminals tend to go for the low-hanging fruit," he says. "If they can infiltrate a popular site, they will reap their rewards quickly and be gone in no time."
5. An increase in the number of Windows Vista attacks. "With increasing adoption of Microsoft's latest operating system, Vista will become a bigger and, thus, a more tempting target for the bad guys," Thompson concludes.
Share