Page 3 of 3   <      

Cyber Crime Hits the Big Time in 2006

"More people are starting to lock down their systems with firewalls and other security applications, so the bad guys attack holes in these and other applications instead of trying to get in through holes in the underlying operating system," Liston said. "And these are the types of attacks we can expect to intensify in the next few years.

Dim Prospects for 2007

Websense's Hubbard predicts that 2007 will see the evolution of malware designed to take advantage of presently unknown security holes in browser-based anti-phishing toolbar programs, such as the ones embedded in Mozilla's Firefox 2.0 browser and Microsoft's Internet Explorer Version 7.

Criminal gangs also are beginning to wise up about hiding the data they've stolen, he said. Online criminals often store stolen bank account information in plain text files on random Web sites that they've gained access to. Security experts frequently index and alert financial institutions to any compromised customer accounts, but Hubbard said he expects more cyber crooks to begin scrambling their data stashes with encryption programs, potentially crippling fraud detection efforts.

Many security professionals speak highly of Microsoft's Vista, the newest version of Windows scheduled for release next month. The program includes a number of improvements that should help users stay more secure online, such as a hardened Web browser that includes new anti-fraud tools, as well as operating system level changes that should make it more difficult for the user or rogue spyware or viruses to make unwanted or unwise changes to key system settings and files.

But experts worry that businesses will be slow to switch to the new operating system. And even if consumers rush to upgrade exiting machines or purchase new ones that include Vista, Microsoft will continue to battle security holes in legacy versions of Microsoft Office, which are expected to remain in widespread use for the next 5-10 years.

Online fraud will get even more sophisticated in 2007, researchers fear. "Criminals have gone from trying to hit as many machines as possible to focusing on techniques that allow them to remain undetected on infected machines longer," Symantec's Weafer said.

Some software security vendors suspect that a new Trojan horse program that surfaced last month, dubbed "Rustock.B" by some anti-virus companies, may serve as the template for malware attacks going forward. The program morphs itself slightly each time it installs on a new machine in an effort to evade anti-virus software. In addition, it hides in the deepest recesses of the Windows operating system, creates invisible copies of itself, and refuses to work under common malware analysis tools in an attempt to defy identification and analysis by security researchers.

"This is about the nastiest piece of malware we've ever seen, and we're going to be seeing more of it," said Alex Eckelberry, president of Clearwater, Fla. based security vendor Sunbelt Software. "The new threats that we saw in 2006 have shown us that the malware authors are ingenious and creative in their methods. Unfortunately, those attributes aren't ones we would normally consider laudable in the context of criminals."

<          3

© 2006 Washingtonpost.Newsweek Interactive