Computer users can be sure that the amount of malware they're exposed to will increase in 2009.
Between January and August 2008, Panda Security's laboratory detected as many malware strains as in the previous 17 years combined, and this trend is expected to continue or even grow in 2009.
Banker Trojans and fake antiviruses will be the most prevalent malware types in 2009. Banker Trojans are designed to steal login passwords for banking services, account numbers, etc., while fake antiviruses try to pass themselves off as real antivirus products to convince targeted users that they have been infected by malicious code.
Victims are then prompted to buy the rogue antivirus to remove these bogus infections. Cyber-crooks are currently profiting substantially from this type of fraud.
As for methods of malware distribution, Panda has predicted an increased use of social networks, not only by worms trying to spread from one user to another, but by malicious code designed to carry out more dangerous actions like theft of confidential data.
Similarly, malware distribution through SQL injection attacks will continue to rise. This type of attack infects users who visit certain Web pages without their even realising it. To do this, cyber-crooks exploit vulnerabilities on the servers that host these pages.
"A technique that will certainly become popular in 2009 will be the use of customised packers and obfuscators," says Jeremy Matthews, head of Panda Security's sub-Saharan operations. "These tools are used to compress malware and make detection more difficult. Cyber-criminals will try to avoid the standard tools available in forums, websites, etc., and turn to their own obfuscators in an attempt to evade 'signature-based' detection by security solutions."
The same reason can explain the anticipated rebirth of classic malicious code such as viruses in 2009. The use of increasingly sophisticated detection technologies like Panda Security's Collective Intelligence, capable of detecting even low-level attacks and the newest malware techniques, will make cyber-crooks turn to old code, adapted to new needs.
But, instead of being designed to prevent systems from working or files from being opened, as viruses were ten years ago, they will instead be aimed at hiding Trojans used for theft of banking information.
Panda Security's laboratory forecasts a significant proliferation of malware targeting new platforms such as Mac OS X Leopard, Linux or iPhone. However, malware for these platforms will never be as numerous as that for Windows systems.
"The number of malware strains created for Mac or Linux platforms will grow in 2009, although they will still represent a very low percentage compared to the total number of threats," says Matthews. "The reason for this is efficiency. If, for every sample emailed to a million people, 3% get infected, it is obviously much more productive to send it to a platform used by millions of users than to another, less popular platform, which will offer a lower number of potential victims."
Over the last few months of 2008, PandaLabs conducted research showing a clear correlation between the financial crisis and malware strategies. The laboratory has discovered that every stock market drop is followed by a spike in the amount of malware in circulation. Similarly, the increase in the unemployment rate translates into a boom in false job offers aimed at recruiting money mules.
According to the PandaLabs forecasts, this will repeat in 2009. Fake job offers will continue to grow whenever the unemployment rate goes up. In financial crisis situations, cyber-crooks prey on unemployed people with attractive job offers that are really aimed at recruiting money mules, that is, people to help them launder money generated from illegal activities.
"Malware in 2009 is expected to grow and become more sophisticated and more difficult to detect. There will also be an increase in Web-based attacks and attacks through social networks, which allow for more silent infections," concludes Matthews. "The financial crisis will also bring an increase in malware and false job offers."