Malware Predictions for Early 2003
TruSecure’s technical director of malicious code research, Roger Thompson, sent out his malware-related predictions for early 2003:
- More Remote Access Trojans (RATs) or backdoors. Overall, these attacks increased in 2002 but have decreased in the last few months. This type of security breach remains a favorite of the hacker community: malware code writers will continue to disguise RATs and backdoor scripts as “adult” movies and then post them to pornography newsgroups, targeting inexperienced users. Expect them to continue through 2003, but they will be mixed with more and more greyware (i.e., spyware and advertising monitoring that is barely legal).
- Mass-mailing Win32 viruses were largely unsuccessful in hitting corporations in 2002, with the notable exception of organizations that did not filter properly. One of the two biggest worms of the year was W32/Klez, which has been infecting home environments. The impact of the mass-mailing worm is mostly over for corporations but, in 2003, it will still have an impact on SOHO environments.
- In 2001, Code Red was the most interesting piece of malware, with four versions and two separate code bases. In 2002, the Scalper/Slapper worms were in this category but were not as successful as Code Red. SqlSpida was successful at finding weak SQL servers but did not make it past the server into the organization. Thompson expects another attack in 2003 in the class and level of Code Red.
- W32/Nimda v1.0 was the biggest, most likely malware threat of 2002, but it never hit. Given that Nimda was internally listed as v0.5, and knowing that the original worm didn’t exploit all the known vulnerabilities in 2001, it is likely that there will be a v1.0 in 2003.
- Macro and script viruses emerged at a rate of 200 to 300 a month in 2002, but this will dramatically decrease to only about 20 to 30 per month. Major anti-virus programs detect these, and they will not have a measurable impact.