11 New Malware Threats
By the end of 2008, McAfee Avert Labs predicts it will have identified some
550,000 malicious programs, a 54% increase from 2007. With all the new malware
emerging, we can expect new terminology to describe these constantly morphing
threats. Here, then, is an only slightly tongue-in-cheek attempt to predict
some of the rising threats in 2008 and the language that may be employed to
describe those threats.
Badvertising
With 38,500 mentions in Google, "badvertising" already has more of a
following than a word like "malcode." The phenomenon it describes, advertising
with malice, has been around for several years at least. To date, it has been
enough to refer to criminal advertising using terms like "spam," "adware," and
"spyware."
The trouble with these terms is that they can be used to refer to legal software
or activities. Spam, of course, is permitted under the CAN-SPAM Act of 2003.
Adware and spyware, meanwhile, can perform their functions legally with user
notice and consent (at least until the notice and consent is successfully
challenged in court as inadequate).
While "crimeware" is becoming a popular term in lieu of the more fuzzily defined
"spyware," "badvertising" has an appealing specificity. "Crimeware," after all,
could refer not just to software but to hardware, like an ice pick. What
"badvertising" recognizes is that not all advertising is good.
In 2008, we'll need the word because online advertising will become a major
security problem. Indeed it is already: about 80% of malicious code online comes
from online ads, according to the Q1 2007 Web Trends Security Report published
by Finjan, a computer security company. Watch what happens when AdBlock Plus
gets re-branded AdBlock Security.
Adsploit
We may also see "adsploit" emerge to refer to exploits delivered over ad
networks. Admittedly, the term has a long way to go, with a mere four mentions
in Google, none of which seem particularly coherent. But what better word is
there to refer to malware like Trojan.Qhost.WU, which replaces Google AdSense
text ads with ads from an unauthorized, potentially malicious provider?
Indexically Transmissible Viruses
Cyber criminals are working overtime to get their sites listed in search
indexes. Gaming Google's PageRank algorithm to get one's malware site prominent
placement on a search result page has proven to be an effective way to
compromise the computers of unwary visitors. Google and the rest are fighting
back, as Google's purge of tens of thousands of malware-riddled pages from its
index in late November suggests. But the ease and speed with which new sites can
be created means that the search companies have a hard time keeping up.
Referring to "indexically transmissible viruses" seems like a way to blame
search engines more and cyber criminals less, but that's the point: searching
needs to be safe. "SEO poisoning" and "spamdexing" are both serviceable terms to
describe this phenomenon. But few outside the tech and media industries know
that SEO stands for search engine optimization, and spamdexing, after more than
a decade of use, remains hobbled by legal tolerance for spamming and a
near-universal desire among Web site owners for the benefits of spamdexing, namely
better PageRank. Warning that a search site contains "indexically transmissible
viruses" seems likely to elicit more caution from searchers, and more action
from search engines, than those two older terms of art.
Though the term, with 19,000 entries on Google, is the name of a cookie
company, it might well be employed in the tech industry to refer to the misuse
of Internet cookies, which are files that Web sites deposit on visitors'
computers to identify them and to provide services.
Snookies, which stands for sneaky cookies, or subdomain cookies if you prefer
something less pejorative, look like they're coming from the Web domain of the site
visited, but the subdomain they come from -- subdomain.domain.com, for example
-- is set to point to a third-party server. The reason this is done is to avoid
being blocked by users who have their Web browsers set to reject cookies from
third-party sites.
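The subdomain trick described above can be checked for from the defender's side. The following is an added example, not part of the original article: it assumes the subdomain is pointed at the third party with a DNS CNAME record, and the DNS records, the tracker-example.net and other-example.org names, and the short suffix list are constructed for illustration.

```python
# Added example: flag "first-party" subdomains that DNS hands off to a third party.
# All hostnames and DNS records below are constructed for illustration.

# Assumption: a tiny stand-in for the Public Suffix List; real code should use the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

def registrable_domain(host):
    """Return the registrable domain (public suffix plus one label) of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def resolve_cname_chain(host, cname_records, max_hops=8):
    """Follow CNAME records starting at host; return every name visited, in order."""
    chain = [host.lower().rstrip(".")]
    while chain[-1] in cname_records and len(chain) <= max_hops:
        nxt = cname_records[chain[-1]].lower().rstrip(".")
        if nxt in chain:  # CNAME loop: stop following
            break
        chain.append(nxt)
    return chain

def find_cloaked_subdomains(site, hosts, cname_records):
    """Map each host under the site's own domain to the outside domain its CNAME chain reaches."""
    first_party = registrable_domain(site)
    findings = {}
    for host in hosts:
        if registrable_domain(host) != first_party:
            continue  # openly third-party; the browser's cookie setting already covers it
        for name in resolve_cname_chain(host, cname_records)[1:]:
            if registrable_domain(name) != first_party:
                findings[host] = registrable_domain(name)
                break
    return findings

# Constructed sample: hosts contacted while loading www.domain.com, and their CNAME records.
CNAME_RECORDS = {
    "subdomain.domain.com": "domain-com.tracker-example.net",
    "domain-com.tracker-example.net": "edge7.tracker-example.net",
    "static.domain.com": "cdn.domain.com",
}
HOSTS_SEEN = ["www.domain.com", "subdomain.domain.com",
              "static.domain.com", "ads.other-example.org"]

if __name__ == "__main__":
    hits = find_cloaked_subdomains("www.domain.com", HOSTS_SEEN, CNAME_RECORDS)
    for host, owner in hits.items():
        print(f"{host} is served by third party {owner}")
```

Only subdomain.domain.com is reported: static.domain.com stays inside the site's own domain, and ads.other-example.org is an ordinary third party that the browser setting already rejects.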
A term that parodied the social networking craze could see further
straight-faced use as cyber criminals step up efforts to pillage personal
information from the likes of Facebook, MySpace, and Orkut. Google squashed the
Orkut worm that emerged in December quite quickly, but it's a safe bet that
schemes to steal social networking data will become more common.
The abuse of one's social graph -- as Facebook calls its friend list -- for
material gain. This could be used to describe the use of Facebook's Beacon
technology as well as outright efforts at identity theft or related fraud. The
term just begs to be used as a variation on the Google Social Graph API; calling
it the Social Graft API seems to capture the spirit of exploiting one's friends.
When you phish for big fish, you're whaling. Alan Paller at the SANS
Institute uses the term to refer to targeted phishing attacks directed at
high-profile individuals. While it may be unnecessary, given that spear-phishing
adequately communicates that the attack in question was targeted, the
exclusivity of the term -- not just anyone can be the victim of whaling --
suggests it may prosper among journalists determined to subtly flatter, or
apologize to, VIP subjects featured in security breach stories. Even if the term
dies as a result of being unnecessary, the trend of trying to trick high-value
targets into giving up the keys to the kingdom is sure to increase.
In 2007, there was a lot of "rogue anti-virus software," which is sometimes
also referred to as "fake anti-virus software." But these terms are confusing
because there's too much negation going on. Fake anti-virus software is not
anti-virus software at all. So what is it? "Lieware" is a much less unwieldy
term to describe software that purports to be something that it isn't. With only
420 mentions in Google, the term has nowhere near the recognition of "adware" or
"spyware." But thanks to the growing need for anti-virus products, we're sure to
see more lieware trying to trick its way onto our systems.
Security researchers foresee a rise in spam targeting mobile devices,
particularly via SMS. Although the unappealing term "blogging" has given rise to
the even more unappealing "moblogging" (blogging on a mobile device), "mospam"
just doesn't work. While some have proposed "spamble" as shorthand for gambling
spam, the term also has potential to suggest spam received while ambling about
with a mobile device. "Spham" offers a more straightforward way to mix spam and
phone, though the fact that it sounds the same as "spam" when spoken may limit
its appeal. (Yes, you could emphasize the "h" and say "sp-ham," but people would
just wonder whether the cause of your odd pronunciation was contagious.)
Everyone in the computer security business is familiar with backdoors and
backdoor Trojans. In 2008, "backdoor," heretofore an adjective or noun, has a
shot at being promoted, like the word "google," to verb. Here, in a hypothetical
conversation with your company's chief security officer, is how it might be used:
"You were backdoored? Has anyone spoken for your office?" The reason for this is
the success of malware like the Zlob backdoor Trojan, which security researchers
expect to see much more frequently in the year to come.
The patch fix is the patch that fixes the last patch. It may seem redundant,
like "pizza pie," but given the number of patches that create more problems and
subsequently have to be patched, redundancy appears to be necessary to
compensate for the absence of code quality.