KEY POINTS:
Malware spread through social networking sites is one of the most serious threats facing computer users, say internet security experts.
Secure Computing has outlined what its experts believe could be the biggest online threats in 2008, and what were last year's trends.
One obvious trend is that the demand for personal and financial information is growing at pace - and that the cybercrims behind this demand are getting more sophisticated, and tougher to catch.
An emerging trend is embedding malware in video, audio and image files which are easily uploaded onto relatively open social networking sites.
"It not just bright young things writing clever viruses for a bit of glory," said Secure Computing spokesman Eric Krieger, "these guys are serious criminals out to make as much money as they can - and Web 2.0 is making it a lot easier for them"
"We're seeing a lot of growth - they've got it down to a fine art."
"Botnets are bounding along, gathering IP addresses - and then for the right price, their owners lease them to spammers and send billions of emails."
On January 29, of 137 billion emails worldwide, 104 billion were spam.
"These people are relying on a lack of awareness by inexperienced users - and as sites like YouTube and Facebook have grown, so has the threat that they present.
"Social networking sites will be one of the biggest threats that we'll see in the next six months."
Kreiger advises computer users to catch up with the times when it comes to online security and buy products that focus on a far more interactive web than existed just a few years ago.
"The internet as we knew it is long gone," he said, "Web 2.0 is a whole different story. When personal information is at stake, often including internet banking passwords and log-ins, you can't take it too seriously."
2007 trends
Zombies: A Zombie computer has had its security compromised and is remotely controlled for another purpose such as distributing spam. Zombies became more intelligent and self-sufficient last year.
Data leakage: 2007 saw a greater volume of data leakage because individuals and businesses are not careful about keeping sensitive data such as protected information or intellectual property from being transferred across the web where it is easily obtained and exploited.
More spam: Spam volumes grew and spammers adopted more tactics to evade detection.
Image spam: Image-based spam continued to be utilised by fraudsters other than spammers, such as phishers and Nigerian-spam scammers.
Mail worms: Email-based worms continued to dominate the virus scene during 2007, specifically targeting multimedia files and other daily use applications such as Microsoft Word or Excel.
What's in store in '08?
Professional crime: The theft of critical personal and financial information has spurred a growing availability of underground "marketplaces" that sell all kinds of stolen data like credit cards, banking accounts, etc.
Attackers are using resources more efficiently by first checking whether or not your computer has a security patch installed that will prevent their malicious software from being successful. If it does have up-to-date security installed, it will not attack that unit.
Indirect attacks: Cyber-criminals are getting crafty and hiding harmful code in multimedia files distributed over trustworthy web services. In addition, trusted sites are being used by hackers to run a "silent" redirect that takes you to a malicious site without your knowledge of it.
Attacking apps: In the past, most attacks have been carried out via operating systems such as Windows XP because most computers come bundled with the software or have it preinstalled.
However, as security measures have now made core software difficult to exploit, attackers may turn their attention to other, self-installed software that does not have automatic updates to protect it from being used maliciously.
Fewer viruses: Viruses, worms and botnets will be used less in favour of more targeted attacks. Trojans, keyloggers and other identity-stealing spyware will continue to become the most prevalent types of malware.
Viruses and worms are dying off due to the broad usage of radar-like outbreak detection methods and bots and backdoors will become less common because more desktop firewalls are being used.
