[ISN] Security Warning 2008: Top 11 Malware Threats To Watch Out For

From: InfoSec News (alerts@private)
Date: Thu Feb 07 2008 - 23:40:18 PST


http://www.informationweek.com/news/showArticle.jhtml?articleID=206105996

By Thomas Claburn
InformationWeek
February 7, 2008

By the end of 2008, McAfee Avert Labs predicts it will have identified 
some 550,000 malicious programs, a 54% increase from 2007. With all the 
new malware emerging, we can expect new terminology to describe these 
constantly morphing threats. Here, then, is our only slightly 
tongue-in-cheek attempt to predict some of the rising threats in 2008 
and the language that may be employed to describe those threats.


Badvertising

With 38,500 mentions in Google, "badvertising" already has more of a 
following than a word like "malcode." The phenomenon it describes, 
advertising with malice, has been around for several years at least. To 
date, it has been enough to refer to criminal advertising using terms 
like "spam," "adware," and "spyware."

The trouble with these terms is that they can be used to refer to legal 
software or activities. Spam, of course, is permitted under the CAN SPAM 
Act of 2003. Adware and spyware, meanwhile, can perform their functions 
legally with user notice and consent (at least until the notice and 
consent is successfully challenged in court as inadequate).

While "crimeware" is becoming a popular term in lieu of the more fuzzily 
defined "spyware," "badvertising" has an appealing specificity. 
"Crimeware" after all could refer not just to software but to hardware, 
like an ice pick. What "badvertising" recognizes is that not all 
advertising is good.

In 2008, we'll need the word because online advertising will become a 
major security problem. Indeed it is already: about 80% of malicious 
code online comes from online ads, according to the Q1 2007 Web Trends 
Security Report published by Finjan, a computer security company. Watch 
what happens when AdBlock Plus gets re-branded AdBlock Security.


Adsploit

We may also see "adsploit" emerge to refer to exploits delivered over ad 
networks. Admittedly, the term has a long way to go, with a mere four 
mentions in Google, none of which seem particularly coherent. But what 
better word is there to refer to malware like Trojan.Qhost.WU, which 
replaces Google AdSense text ads with ads from an unauthorized, 
potentially malicious provider?


Indexically Transmissible Viruses

Cyber criminals are working overtime to get their sites listed in search 
indexes. Gaming Google's PageRank algorithm to get one's malware site 
prominent placement on a search result page has proven to be an 
effective way to compromise the computers of unwary visitors. Google and 
the rest are fighting back, as Google's purge of tens of thousands of 
malware-riddled pages from its index in late November suggests. But 
the ease and speed with which new sites can be created means that the 
search companies have a hard time keeping up. Referring to "indexically 
transmissible viruses" seems like a way to blame search engines more and 
cyber criminals less, but that's the point: searching needs to be safe. 
"SEO poisoning" and "spamdexing" are both serviceable terms to describe 
this phenomenon. But few outside the tech and media industries know that 
SEO stands for search engine optimization, and spamdexing, after more 
than a decade of use, remains hobbled by legal tolerance for spamming 
and near universal desire among Web site owners for the benefits of 
spamdexing, namely better PageRank. Warning that a search site contains 
"indexically transmissible viruses" seems likely to elicit more caution 
from searchers, and more action from search engines, than those two 
older terms of art.


Snookies

Though the term, with 19,000 entries on Google, is the name of a cookie 
company, it might well be employed in the tech industry to refer to the 
misuse of Internet cookies, which are files that Web sites deposit on 
visitors' computers to identify them and to provide services.

Snookies, which stands for sneaky cookies, or subdomain cookies if you 
prefer something less pejorative, look like they're coming from the Web 
domain of the site visited, but the subdomain they come from -- 
subdomain.domain.com, for example -- is set to point to a third-party 
server. The reason this is done is to avoid being blocked by users who 
have their Web browsers set to reject cookies from third-party sites.
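
From the defender's side, the subdomain-cookie arrangement described above shows up in DNS: a host under the site's own domain resolves, via CNAME, to a server under someone else's domain. The following check is an added example and is not part of the original article; the host names, DNS records and function names are constructed, and treating the last two labels as the site's domain is a simplifying assumption.

```python
# Constructed sample data: a small DNS view, name -> (record type, value).
SAMPLE_DNS = {
    "www.example-shop.test": ("A", "192.0.2.10"),
    "metrics.example-shop.test": ("CNAME", "example-shop.collector.tracker-net.test"),
    "example-shop.collector.tracker-net.test": ("CNAME", "edge7.tracker-net.test"),
    "edge7.tracker-net.test": ("A", "198.51.100.7"),
    "img.example-shop.test": ("CNAME", "static.example-shop.test"),
    "static.example-shop.test": ("A", "192.0.2.11"),
    "loop.example-shop.test": ("CNAME", "loop.example-shop.test"),
}


def site_domain(host):
    """Assumption: the site's domain is the last two labels.
    A production check would consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def resolve_chain(host, records, max_hops=8):
    """Follow CNAME records from host; stop at a non-CNAME record,
    a missing record, a loop, or after max_hops names."""
    chain, seen = [host], {host}
    while len(chain) <= max_hops:
        rtype, value = records.get(chain[-1], (None, None))
        if rtype != "CNAME" or value in seen:
            break
        chain.append(value)
        seen.add(value)
    return chain


def find_snookie_hosts(page_host, cookie_hosts, records):
    """Return {cookie host: final DNS name} for hosts that look first-party
    by name but whose CNAME chain ends outside the visited site's domain."""
    first_party = site_domain(page_host)
    findings = {}
    for host in cookie_hosts:
        if site_domain(host) != first_party:
            continue  # openly third-party: ordinary cookie blocking applies
        final = resolve_chain(host, records)[-1]
        if site_domain(final) != first_party:
            findings[host] = final
    return findings
```
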


Anti-Social Networking

A term that parodied the social networking craze could see further 
straight-faced use as cyber criminals step up efforts to pillage 
personal information from the likes of Facebook, MySpace, and Orkut. 
Google squashed the Orkut worm that emerged in December quite quickly 
but it's a safe bet that schemes to steal social networking data will 
become more common.


Social Graft

The abuse of one's social graph -- as Facebook calls its friend list -- 
for material gain. This could be used to describe the use of Facebook's 
Beacon technology as well as outright efforts at identity theft or 
related fraud. The term just begs to be used as a variation on the 
Google Social Graph API; calling it the Social Graft API seems to 
capture the spirit of exploiting one's friends.


Whaling

When you phish for big fish, you're whaling. Alan Paller at the SANS 
Institute uses the term to refer to targeted phishing attacks directed 
at high-profile individuals. While it may be unnecessary, given that 
spear-phishing adequately communicates that the attack in question was 
targeted, the exclusivity of the term -- not just anyone can be the 
victim of whaling -- suggests it may prosper among journalists 
determined to subtly flatter, or apologize to, VIP subjects featured in 
security breach stories. Even if the term dies as a result of being 
unnecessary, the trend of trying to trick high-value targets into giving 
up the keys to the kingdom is sure to increase.


Lieware

In 2007, there was a lot of "rogue anti-virus software," which is 
sometimes also referred to as "fake anti-virus software." But these 
terms are confusing because there's too much negation going on. Fake 
anti-virus software is not anti-virus software at all. So what is it? 
"Lieware" is a much less unwieldy term to describe software that 
purports to be something that it isn't. With only 420 mentions in 
Google, the term has nowhere near the recognition of "adware" or 
"spyware." But thanks to the growing need for anti-virus products, we're 
sure to see more lieware trying to trick its way onto our systems.


Spham or Spamble

Security researchers foresee a rise in spam targeting mobile devices, 
particularly via SMS. Although the unappealing term "blogging" has given 
rise to the even more unappealing "moblogging" (blogging on a mobile 
device), "mospam" just doesn't work. While some have proposed "spamble" 
as shorthand for gambling spam, the term also has potential to suggest 
spam received while ambling about with a mobile device. "Spham" offers a 
more straightforward way to mix spam and phone, though the fact that it 
sounds the same as "spam" when spoken may limit its appeal. (Yes, you 
could emphasize the "h" and say "sp-ham," but people would just wonder 
whether the cause of your odd pronunciation was contagious.)


Backdoored

Everyone in the computer security business is familiar with backdoors 
and backdoor Trojans. In 2008, "backdoor," heretofore an adjective or 
noun, has a shot at being promoted, like the word "google," to verb. 
Here, in a hypothetical conversation with your company's chief security 
officer, is how it might be used: "You were backdoored? Has anyone spoken 
for your office?" The reason for this is the success of malware like the 
Zlob backdoor Trojan, which security researchers expect to see much more 
frequently in the year to come.


Patch Fix

The patch fix is the patch that fixes the last patch. It may seem 
redundant, like "pizza pie," but given the number of patches that create 
more problems and subsequently have to be patched, redundancy appears to 
be necessary to compensate for the absence of code quality.

Copyright 2007 CMP Media LLC

