Reports from security provider MessageLabs suggest that virus writers are highly likely to release increasingly sophisticated strains of malware over the course of next year in an effort to get back into the game after some high-profile botnet shutdown operations in 2008.
The organisation predicts that hackers will set off a series of attacks in which malware will exist as a virtualization layer running directly on the hardware and hidden from the operating system.
Senior analyst Paul Wood from MessageLabs explained further: “The operating system does not know it’s there, and the malware will be intercepting low-level operating system calls.”
“The problem will be in realizing it’s there and understanding how to clean up, because it’s so low-level and tangled up in the operating system that sometimes the only recourse is to reinstall the machine from scratch.”
He believes that cyber criminals will concentrate on infecting systems with sophisticated malware that can switch between different tasks as appropriate. He gives the example that if a piece of malware determines that the spam it is sending out is being blocked, it could then be told to launch denial-of-service attacks instead.
Also according to MessageLabs, mobile malware is set to increase in 2009, but not with the goal of infecting devices to create botnets – instead attackers will try to make money by subverting the phones so that they dial premium rate lines set up by the criminals – “thank you for holding, your cash is important to us”.
The company predicts that phishing scams will increase massively, and increase in cleverness, as the criminals target weaknesses in the Domain Name System (DNS) to launch phishing websites by creating sub-domains under legitimate domains whose DNS management accounts have been compromised. This method could be used to find a way round the traditional URL filters that can detect when criminals use typo-squatting techniques, which rely on the mistakes of users typing in the wrong address in a browser.
“We have seen legitimate businesses with good domains being taken over in some way,” said Wood. “The criminals gain access to the admin function of their DNS console, add sub-domains to their records and then use these domains in phishing e-mails.”
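One defensive response to the sub-domain hijacking Wood describes is to diff the zone a domain currently serves against the records its owner has authorised, and flag anything new, changed, or pointing outside the organisation's own address space. The script below is an added example, not MessageLabs' code or tooling; the domain, records and address ranges are constructed.

```python
import ipaddress

# Constructed baseline: the records the domain owner knows about and authorised.
BASELINE = """
www.example.com.   A     192.0.2.10
mail.example.com.  A     192.0.2.20
example.com.       MX    mail.example.com.
"""

# Constructed snapshot of the zone as currently served, after someone added
# records through the DNS provider's admin console.
CURRENT = """
www.example.com.     A     192.0.2.10
mail.example.com.    A     192.0.2.20
example.com.         MX    mail.example.com.
secure-login.example.com.  A     198.51.100.77
account-verify.example.com. CNAME  host.attacker.invalid.
"""

# Address ranges the organisation actually operates (assumed, constructed).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def parse_zone(text):
    """Parse 'name type value' lines into a dict {(name, type): value}."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        name, rtype, value = parts
        records[(name.lower(), rtype.upper())] = value.lower()
    return records

def points_outside(rtype, value):
    """True when an A record points at an address not in our own ranges."""
    if rtype != "A":
        return False
    return not any(ipaddress.ip_address(value) in net for net in OWN_NETWORKS)

def find_unexpected(baseline_text, current_text):
    """Return sorted (name, type, value, reason) tuples for records not in the baseline."""
    baseline = parse_zone(baseline_text)
    findings = []
    for (name, rtype), value in parse_zone(current_text).items():
        if baseline.get((name, rtype)) == value:
            continue
        reason = "changed" if (name, rtype) in baseline else "new record"
        if points_outside(rtype, value):
            reason += ", outside own address space"
        findings.append((name, rtype, value, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_unexpected(BASELINE, CURRENT):
        print(*finding)
```

In practice the "current" snapshot would come from a zone transfer or the provider's API, and an alert on any finding gives early warning of the console takeover described above.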