AVG Research Team Looks Back at 2007’s Top Malware Threats; Forecasts Security Trends to Watch in 2008 Wednesday 9 January 2008 PDF Print Social Networking Sites will be Dominant Targets for Cybercriminals Newark, UK – 9th January, 2008 – Security experts at GRISOFT, developer of the AVG family of security software products, today publish their analysis of 2007’s top viruses, Internet hacks and exploits, and reveal their forecast for the top security threats facing computer users in 2008. According to the team, viruses made up some 15 percent of the threat landscape in 2007, consistent with the company’s predictions at the end of 2006; phishing scams, backdoor worms, trojans, keyloggers, spyware, adware and other web-based exploits comprised the majority of threats. Top Ten Viruses for 2007 According to AVG’s global security strategist Larry Bridwell, the 10 viruses exhibiting the most staying power in 2007 are: 1. W32/Detnat 2. W32/Netsky 3. W32/Mytob 4. W32/Bagle 5. W32/MyWife 6. W32/Virut 7. W32/Zafi 8. W32/MyDoom 9. W32/Lovegate 10. W32/Bagz “The anti-virus industry has been in a transition period the past two to three years as malware has morphed from simple viruses to complex malicious website hacks that combine exploits and social engineering to scam unsuspecting users of their data,” said Bridwell. “As 2008 ushers in new security issues and challenges, Internet users need to boost their anti-malware defences with safe surfing tools like AVG LinkScanner that detect and stop web exploits in real time.” Unlike traditional malware such as viruses or trojans that are created by thrill-seeking programmers and computer geeks trying to create chaos, exploits are a fast-growing category of crimeware applications used by criminal cyber-gangs to steal digital assets for financial gain. Exploits are usually delivered in the form of drive-by downloads intended to take advantage of unpatched computer vulnerabilities. “2007 was the year that cybercriminals began to seriously employ exploits and social engineering attacks to undermine the trusted web,” adds AVG’s chief technology officer Karel Obluk. “We expect the bad guys to leverage the knowledge gained this year to wage larger scale attacks using a wide range of malware tools. The real danger is that these attacks will begin to impact the growth of search engine and social networking use.” Top Ten Web Exploits for 2007 Drawing on research gained through its recent acquisition of Exploit Prevention Labs, AVG identified the following as the top ten web exploits of 2007: 1. Super Bowl/Dolphins website drive-by download hack (February) 2. Google AdWords reroute via malicious site (April) 3. Google Bait & Switch keyword site exploit servers (July) 4. Bank of India website drive-by download hack (August) 5. Storm Trojan Fakes YouTube Links through phishing and fake codecs (August) 6. .Gov Hacks cause government websites to serve porn, malware, and fake anti-spyware (September) 7. Facebook Banner Ads used to distribute adware-driven exploits (September) 8. Alicia Keys/MySpace Hack deliver behind-the-scenes drive-by exploits (November) 9. MLB & NHL.com malicious banner ads hijack user sessions, push malware (November) 10. Monster.com hack feeds exploits to jobseekers (November) “From the attacks on Facebook and the Major League Baseball Web site to the Alicia Keys’ sites, it’s clear over the past year that incidence of online threats is accelerating,” said Roger Thompson, chief research officer at AVG. “In 2008, Internet users are likely to see more sophisticated attacks as organized cybercriminals step up their efforts to steal digital assets from social networking site users. Social networks are particularly vulnerable because they rely heavily on hyperlinked content, information sharing and the trust of their participants.” Top Security Threats Expected in 2008 Thompson’s team has identified five major areas of continued or increased risk for Internet users in the coming year: 1. Web exploits and web-based social engineering attacks. “Viruses will continue to be a threat, but we’ll also see an explosion of exploits through social engineering and Web 2.0 attacks in 2008,” said Thompson. 2. Storm Worm on the rise. “Storm is here to stay,” said Obluk. “We’re seeing pieces of Storm sold off to the bad guys and we expect orchestrated attacks across multiple platforms.” 3. Email-propagated viruses. Many novice users remain unaware of email security issues and continue to open attachments from senders they do not know or click on unsafe hyperlinks. 4. Web exploits targeting trusted web sites. “Today’s cybercriminals tend to go for the low-hanging fruit, ” said Thompson. “If they can infiltrate a popular site, they will reap their rewards quickly and be gone in no time.” 5. An increase in the number of Windows Vista attacks. With increasing adoption of Microsoft’s latest operating system, Vista will become a bigger and thus a more tempting target for the bad guys. While AVG expects international law makers to pay closer attention to cybercrime in 2008, it’s unlikely that stronger laws will deter cybercriminals. “The international laws against drug trafficking have not significantly dented the traffickers’ incomes,” said Obluk. “So there’s little reason for us to believe that laws against criminal behaviour in cyberspace will have much impact on online fraud. There is simply too much money to be made.” - ends - About GRISOFT Founded in 1991 and headquartered in Brno, Czech Republic, GRISOFT (http://www.grisoft.com) is a leading developer of anti-virus, firewall protection and Internet security solutions for consumers and SMBs. GRISOFT is one of the fastest growing companies in the industry with more than 60 million protected users around the world. The company has regional offices in North America and the United Kingdom, and employs some of the world’s leading experts in Internet security, specifically in the areas of virus analysis and detection, software development, and security research. The company’s award-winning products are distributed globally through its extensive network of resellers and the Internet as well as via Software Developer’s Kits (SDK) to interested third parties. For more information: Paul Shlackman, BondPR t: 01628 673 007 e: firstname.lastname@example.org This press release was distributed by ResponseSource Press Release Wire on behalf of BondPR UK in the following categories: Consumer Technology, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.