Jump to content
xisto Community
Sign in to follow this  
Followers 0
Saint_Michael

Security Warning 2008: Top 11 Malware Threats To Watch Out For

By Saint_Michael, in Security issues & Exploits

Recommended Posts

Saint_Michael    3

Saint_Michael
Posted

Before I go into this topic I have to say, stop making up these crazy names. I know I just getting into the security side of things but still as long as there are computer problems and ways to sucker someone into downloading the stuff, the crazy names will still live on.

LiewareADVERTISEMENT

In 2007, there was a lot of "rogue anti-virus software," which is sometimes also referred to as "fake anti-virus software." But these terms are confusing because there's too much negation going on. Fake anti-virus software is not anti-virus software at all. So what is it? "Lieware" is a much less unwieldy term to describe software that purports to be something that it isn't. With only 420 mentions in Google, the term has nowhere near the recognition of "adware" or "spyware." But thanks to the growing need for anti-virus products, we're sure to see more lieware trying to trick its way onto our systems.

Spham or Spamble

Security researchers foresee a rise in spam targeting mobile devices, particularly via SMS. Although the unappealing term "blogging" has given rise to the even more unappealing "moblogging" (blogging on a mobile device), "mospam" just doesn't work. While some have proposed "spamble" as shorthand for gambling spam, the term also has potential to suggest spam received while ambling about with a mobile device. "Spham" offers a more straightforward way to mix spam and phone, though the fact that it sounds the same as "spam" when spoken may limit its appeal. (Yes, you could emphasize the "h" and say "sp-ham," but people would just wonder whether the cause of your odd pronunciation was contagious.)

Backdoored

Everyone in the computer security business is familiar with backdoors and backdoor Trojans. In 2008, "backdoor," heretofore an adjective or noun, has a shot a being promoted, like the word "google," to verb. Here, in a hypothetical conversation with your company's chief security officer is how it might be used: "You were backdoored? Has anyone spoken for your office?" The reason for this is the success of malware like the Zlob backdoor Trojan, which security researchers expect to see much more frequently in the year to come.

Patch Fix

The patch fix is the patch that fixes the last patch. It may seem redundant, like "pizza pie," but given the number of patches that create more problems and subsequently have to be patched, redundancy appears to be necessary to compensate for the absence of code quality.

"SEO poisoning" and "spamdexing" are both serviceable terms to describe this phenomenon. But few outside the tech and media industries know that SEO stands for search engine optimization, and spamdexing, after more than a decade of use, remains hobbled by legal tolerance for spamming and near universal desire among Web site owners for the benefits of spamdexing, namely better PageRank. Warning that a search site contains "indexically transmissible viruses" seems likely to elicit more caution from searchers, and more action from search engines, than those two older terms of art.

Snookies

Though the term, with 19,000 entries on Google, is the name of a cookie company, it might well be employed in the tech industry to refer to the misuse of Internet cookies, which are files that Web sites deposit on visitors' computers to identify them and to provide services.

Snookies, which stands for sneaky cookies, or subdomain cookies if you prefer something less pejorative, look like they're coming the Web domain of the site visited, but the subdomain they come from -- subdomain.domain.com, for example -- is set to point to a third-party server. The reason this is done is to avoid being blocked by users who have their Web browsers set to reject cookies from third-party sites.

Anti-Social Networking

A term that parodied the social networking craze could see further straight-faced use as cyber criminals step up efforts to pillage personal information from the likes of Facebook, MySpace, and Orkut. Google squashed the Orkut worm that emerged in December quite quickly but it's a safe bet that schemes to steal social networking data will become more common.

Social Graft

The abuse of one's social graph -- as Facebook calls its friend list -- for material gain. This could be used to describe the use of Facebook's Beacon technology as well as outright efforts at identity theft or related fraud. The term just begs to be used as a variation on the Google Social Graph API; calling it the Social Graft API seems to capture the spirit of exploiting one's friends.

Whaling

When you phish for big fish, you're whaling. Alan Paller at the SANS Institute uses the term to refer to targeting phishing attacks directed at high-profile individuals. While it may be unnecessary, given that spear-phishing adequately communicates that the attack in question was targeted, the exclusivity of the term -- not just anyone can be the victim of whaling -- suggests it may prosper among journalists determined to subtly flatter, or apologize to, VIP subjects featured in security breach stories. Even if the term dies as a result of being unnecessary, the trend of trying to trick high-value targets into giving up the keys to the kingdom is sure to increase.

By the end of 2008, McAfee Avert Labs predicts it will have identified some 550,000 malicious programs, a 54% increase from 2007. With all the new malware emerging, we can expect new terminology to describe these constantly morphing threats. Here, then, is our only slightly tongue-in-check attempt to predict some of the rising threats in 2008 and the language that may be employed to describe those threats.

Badvertising

With 38,500 mentions in Google, "badvertising" already has more of a following than a word like "malcode." The phenomenon it describes, advertising with malice, has been around for several years at least. To date, it has been enough to refer to criminal advertising using terms like "spam," "adware," and "spyware."

The trouble with these terns is that they can be used to refer to legal software or activities. Spam, of course, is permitted under the CAN SPAM Act of 2003. Adware and spyware, meanwhile, can perform their functions legally with user notice and consent (at least until the notice and consent is successfully challenged in court as inadequate).

While "crimeware" is becoming a popular term in lieu of the more fuzzily defined "spyware," "badversting" has an appealing specificity. "Crimeware" after all could refer not just to software but to hardware, like an ice pick. What "badvertising" recognizes is that not all advertising is good.

In 2008, we'll need the word because online advertising will become a major security problem. Indeed it is already: about 80% of malicious code online comes from online ads, according to the Q1 2007 Web Trends Security Report published by Finjan, a computer security company. Watch what happens when AdBlock Plus gets re-branded AdBlock Security.

Adsploit

We may also see "adsploit" emerge to refer to exploits delivered over ad networks. Admittedly, the term has a long way to go, with a mere four mentions in Google, none of which seem particularly coherent. But what better word is there to refer to malware like Trojan.Qhost.WU, which replaces Google AdSense text ads with ads from an unauthorized, potentially malicious provider.

Indexically Transmissible Viruses

Cyber criminals are working overtime to get their sites listed in search indexes. Gaming Google's PageRank algorithm to get one's malware site prominent placement on a search result page has proven to be an effective way to compromise the computers of unwary visitors. Google and the rest are fighting back, as suggests Google's purge of tens of thousands of malware-riddled pages from its index in late November. But the ease and speed with which new sites can be created means that the search companies have a hard time keeping up. Referring to "indexically transmissible viruses" seems like a way to blame search engines more and cyber criminals less, but that's the point: searching needs to be safe.


#1 Lieware

I remember this new term since this showed up last year, and was somewhat surprise that the programming underground is going after the antivirus software in this fashion. Basically lieware is completely disguising itself as software or more importantly as anti-virus software, and then once someone downloads and installs that lieware they just open their computer up. That is my understanding of how the concept works, but since it is still relatively new the answer will be more specific.

#2 Spham or Spamble

Ok who ever thought that one up should get shot just because it is a fancy word for spam

#3 Backdoored

I dunno it would be frivolous to be changing a word fro ma noun to a verb, but I digress people will do anything to be that guy or girl to coin a new term. Just like the one in #2.


#4 Patch Fix

Now this makes sense if some of you remember a few of my Microsoft topics about putting out a new patch after the last patch screwed up something before. Of course how the heck that has to cheating search engines has gotten me.

$5 Snookies

Again another one of those terms people will talk about because some guy thought it up, although getting in through a computer through its cookies is not new, but a lot more challanging since the data is displayed differently then one would think.

#6 Anti-Social Networking

I was hoping that they were talking about killing all these social website, but no I was wrong. Like trying to steal people's information isn't obvious enough they have to think up stupid terms like this, but I think whats stupid is people are putting their actual info on a public website.

#7 Social Graft

Everyone should remember that dirty little incident, but still call it what you want but identity theft is still the proper word for it.

#8 Whaling

I found this to be the more interesting of the 11 just because the details that go around it make more sense the the rest of these wacky terms. Of course it should be interesting to here that in a conversation though, "so what happen to you today?" "Nothing went whaling and scored big."

#9 Badvertising

Heck I am surprise they don't talk about the websites who are noting but advertisements, but I am somewhat aware of the good heckers and script kiddies do with when setting up advertisement strings with a side of virus or spyware. I would have to agree that 2008 will and should finish up the the advertising wars with all the big names being bought out and stuff.

#10 Adsploit

Well I might have confused the badvertising with this one, but the idea's still revolve around each other.

#11 Indexically Transmissible Viruses

Now I will go on a limb and say this will be the biggest malware out of this group since it already has happen once, it should be interesting how much reprogramming google will have to do with in order to plug the security holes. Thus making it more difficult to get indexed.

Well that is the list of what to expect this year, I hope most of them terms get killed off and what not, but a few seems legit as to what they are supposed to do.

SOURCE

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept