December 2007   
 
 

BUSINESS INSIGHT: THE PAST AND THE FUTURE


A Look Forward: McAfee 2008 Threat Predictions

By Jeff Green,
Senior Vice-president of Product Development and McAfee Avert Labs

At the close of the year, it’s customary for the McAfee Avert® Labs research team to dust off the crystal ball and peer into the future.

To give you some perspective, let’s take a look at 2007, which was a record-breaker: McAfee recorded more than 100,000 new viruses and Trojans, a nearly 50 percent increase in the number of threats ever recorded.

What were some of the most prominent headliners? The Nuwar virus (a.k.a. Storm Worm) grew into the largest peer-to-peer (P2P) botnet to date, while TJX revealed the largest data breach in history. Other areas saw significant growth as well, from phishing attacks to crimeware, from vulnerabilities disclosed to zero-day exploits. See our in-depth review of the 2007 threat landscape. With the rapid adoption of new technologies introduced in 2007—such as voice over IP (VoIP), virtualization, and Web 2.0, to name a few—comes the foreboding promise of expanding threat activity.

Here are the trends we foresee for 2008:

1. Adware on the decline
There’s good news here. Thanks to numerous lawsuits, better defenses, and the negative connotation associated with adware, this potentially unwanted and often annoying form of advertising has been on the decline since 2006. In 2007, the Federal Trade Commission settled cases against several adware makers, including one of the biggest, Direct Revenue. With major players such as Direct Revenue out of the game, adware growth is expected to decline by 30 percent in 2008.

2. Botnets piggyback on Storm’s success
Sophisticated cybercrime rings are relying on bots, or software robots, to run groups of "zombie" computers that they control remotely. With the prosecution of four high-profile bot masters in 2007, criminals will be looking for better ways to cover their tracks. McAfee Avert Labs expects exploit authors to ride the coattails of Nuwar, also known as the Storm Worm, the most versatile virus on record. The authors of Nuwar have released thousands of variants, and have changed coding techniques, infection methods, and social-engineering schemes. Nuwar is unique in that it has managed to successfully amass the largest-ever P2P botnet. Be on the lookout for more threats that mimic Nuwar’s ability to harness the power of botnets.

3. Crimeware and phishing move on to secondary targets
Cybercriminals will be maintaining a lower profile by targeting less popular websites. They’ve learned that it’s risky to target top-tier sites, which are regularly subject to attack and are therefore better prepared to defend themselves. Clever malware writers have figured out that a large percentage of people reuse their user names and passwords, so it’s easier to target less-popular sites that may not have proper protections in place. Criminals can gain access to primary targets using information gained from secondary-target victims.

4. Instant malware: A different kind of IM
Researchers have warned us about the risk of a self-executing instant-messaging (IM) worm for a few years now. This threat could literally spawn millions of users and circle the globe in a matter of seconds. Although IM malware has been around for several years, we still haven’t seen a self-executing threat. While it’s anyone’s guess exactly when this threat will emerge, the stars may be starting to align. The National Vulnerability Database reports more than twice the number of AIM, YIM, and MSN Messenger vulnerabilities for 2007 over the prior year. And, there were 10 high-severity risks in 2007, compared with zero in 2006. The top IM virus families of 2005 and 2006 were replaced with new active threats, signifying an “out with the old and in with the new” milestone. With nearly a quarter-billion users, Skype suffered its first batch of worms in 2007. And many, many more are expected to follow.

5. Parasitic crimeware takes root
While crimeware has been actively gaining ground in recent years, parasitic malware took a back seat. But only for a while. In 2007, something changed. Malware authors showed renewed interest in old-fashioned exploits and delivered threats such as Grum, Virut, and Almanahe. These parasitic viruses were written and disseminated for the purpose of financial gain. The number of variants of an old parasitic threat, Philis, grew by more than 400 percent; meanwhile, Avert Labs catalogued more than 400 variants of a newcomer, Fujacks. While the author of Fujacks was apprehended, we foresee a huge wave of parasitics surging forth from the crimeware community. We estimate that parasitic malware will grow by 20 percent in 2008.

6. Virtual threat growth to outpace real-world growth
As virtual objects continue to appreciate in value, more attackers will look to capitalize on the situation. We see this already in the number and type of password-stealing Trojans that were classified in 2007. These examples of crimeware have two favorite targets: online gaming and banking. With the rise in economies surrounding online gaming, we can expect malware that targets these accounts and their “property” to continue. As the value of digital gold for online avatars continues to appreciate, malware will continue to be developed for it, as well as for the underground sites that service that community.

7. Virtualization radically changes security
Virtualization technology is not only changing the face of computing, but the security industry as well. We predict that security vendors will embrace virtualization to create more resilient defenses. Today’s complex threats, such as rootkits, will be easily defeated, but researchers, professional hackers, and malware authors will begin looking at ways to circumvent this defensive technology. The National Vulnerability Database shows that VMware vulnerability records have increased fivefold between 2006 and 2007. Historically, we’ve found that such increases in application vulnerabilities inevitably lead to increased exploitation of those applications.

8. Windows Vista joins the party
VMware won’t be the only technology to attract malware authors next year. In 2007, the market share of Windows Vista was below 10 percent. In 2008, we fully expect an increase in its adoption rate, especially with the release of Service Pack 1.

What does this mean for cybercriminals? We think that professional malware authors will start expending some effort to circumvent the new operating system. The National Vulnerability Database reports 19 Windows Vista vulnerabilities in the first nine months after the OS was released. This compares with 16 Windows XP vulnerabilities during a comparable period. The number of reported Windows XP vulnerabilities more than doubled in the following 12 months. If history repeats itself, we can expect that far more than 20 Windows Vista vulnerabilities will be reported in 2008.

9. VoIP attacks speak up
Our researchers believe that voice over IP (VoIP) attacks will increase by 50 percent in 2008. More than twice the number of VoIP-related vulnerabilities were reported in 2007 over the previous year. And, there have been several high-profile “vishing” attacks, and a criminal phreaking (or fraud) conviction this year. Clearly, VoIP threats are here to stay, and there’s no sign of a slowdown. Although ABI Research estimates 1.2 billion VoIP users by 2012 (with $150 billion annual service revenues), the technology is still new to many, and the implementation of defense strategies lags behind.

10. Web 2.0: Interactivity yields more productive malware
Heavily trafficked Web 2.0 and social networking sites have already been victimized by exploits (salesforce.com, Monster.com, and MySpace.com, among others), and this will continue in a big way in 2008. Cybercriminals also launched targeted attacks using personal information gleaned from sites such as LinkedIn. Attackers pursued the tidbits of information users share about themselves to help make their threats feel more authentic. Avert Labs thinks that these examples signal a trend where industrious attackers are engaged in data mining this wealth of personal information.

Another cause for concern is an increase in spam that targets social networking sites. This blog spam (which is done by automatically posting random comments or promoting commercial services to blogs, wikis, guestbooks, or online discussion boards) is growing at an alarming rate. In March 2007, WebmasterWorld reported that 75 percent of Google’s Blogspot blogs are spam. Automated posting tools are maturing, and spammers are moving on to audio and video spam. Blog spam will continue to grow in 2008, and video spam is likely to become significant. In many cases, video spam will be obvious to most viewers, but well-crafted videos will blur the lines between spam and advertising.

Conclusion
That wraps up our prognostications for 2008. New technologies are enticing, exciting, and hold the promise of increased efficiency, but as you survey the choices, keep your eyes open and your guard up. As the old adage goes, "forewarned is forearmed." The team at McAfee Avert Labs wishes you a safe and prosperous new year!

 


 
