Freely subscribe to our NEWSLETTER

According to the team, viruses made up some 15 percent of the threat landscape in 2007, consistent with the company’s predictions at the end of 2006; phishing scams, backdoor worms, trojans, keyloggers, spyware, adware and other web-based exploits comprised the majority of threats.

Top Ten Viruses for 2007

According to AVG’s global security strategist Larry Bridwell, the 10 viruses exhibiting the most staying power in 2007 are:

– 1. W32/Detnat
– 2. W32/Netsky
– 3. W32/Mytob
– 4. W32/Bagle
– 5. W32/MyWife
– 6. W32/Virut
– 7. W32/Zafi
– 8. W32/MyDoom
– 9. W32/Lovegate
– 10. W32/Bagz

“The anti-virus industry has been in a transition period the past two to three years as malware has morphed from simple viruses to complex malicious website hacks that combine exploits and social engineering to scam unsuspecting users of their data,” said Bridwell. “As 2008 ushers in new security issues and challenges, Internet users need to boost their anti-malware defences with safe surfing tools like AVG LinkScanner that detect and stop web exploits in real time.”

Unlike traditional malware such as viruses or trojans that are created by thrill-seeking programmers and computer geeks trying to create chaos, exploits are a fast-growing category of crimeware applications used by criminal cyber-gangs to steal digital assets for financial gain. Exploits are usually delivered in the form of drive-by downloads intended to take advantage of unpatched computer vulnerabilities.

“2007 was the year that cybercriminals began to seriously employ exploits and social engineering attacks to undermine the trusted web,” adds AVG’s chief technology officer Karel Obluk. “We expect the bad guys to leverage the knowledge gained this year to wage larger scale attacks using a wide range of malware tools. The real danger is that these attacks will begin to impact the growth of search engine and social networking use.”

Top Ten Web Exploits for 2007

Drawing on research gained through its recent acquisition of Exploit Prevention Labs, AVG identified the following as the top ten web exploits of 2007:

– 1. Super Bowl/Dolphins website drive-by download hack (February)
– 2. Google AdWords reroute via malicious site (April)
– 3. Google Bait & Switch keyword site exploit servers (July)
– 4. Bank of India website drive-by download hack (August)
– 5. Storm Trojan Fakes YouTube Links through phishing and fake codecs (August)
– 6. Gov Hacks cause government websites to serve porn, malware, and fake anti-spyware (September)
– 7. Facebook Banner Ads used to distribute adware-driven exploits (September)
– 8. Alicia Keys/MySpace Hack deliver behind-the-scenes drive-by exploits (November)
– 9. MLB & NHL.com malicious banner ads hijack user sessions, push malware (November)
– 10. Monster.com hack feeds exploits to jobseekers (November)

“From the attacks on Facebook and the Major League Baseball Web site to the Alicia Keys’ sites, it’s clear over the past year that incidence of online threats is accelerating,” said Roger Thompson, chief research officer at AVG. “In 2008, Internet users are likely to see more sophisticated attacks as organized cybercriminals step up their efforts to steal digital assets from social networking site users. Social networks are particularly vulnerable because they rely heavily on hyperlinked content, information sharing and the trust of their participants.”

Top Security Threats Expected in 2008

Thompson’s team has identified five major areas of continued or increased risk for Internet users in the coming year:

– 1. Web exploits and web-based social engineering attacks. “Viruses will continue to be a threat, but we’ll also see an explosion of exploits through social engineering and Web 2.0 attacks in 2008,” said Thompson.

– 2. Storm Worm on the rise. “Storm is here to stay,” said Obluk. “We’re seeing pieces of Storm sold off to the bad guys and we expect orchestrated attacks across multiple platforms.”

– 3. Email-propagated viruses. Many novice users remain unaware of email security issues and continue to open attachments from senders they do not know or click on unsafe hyperlinks.

– 4. Web exploits targeting trusted web sites. “Today’s cybercriminals tend to go for the low-hanging fruit, ” said Thompson. “If they can infiltrate a popular site, they will reap their rewards quickly and be gone in no time.”

– 5. An increase in the number of Windows Vista attacks. With increasing adoption of Microsoft’s latest operating system, Vista will become a bigger and thus a more tempting target for the bad guys.

While AVG expects international law makers to pay closer attention to cybercrime in 2008, it’s unlikely that stronger laws will deter cybercriminals. “The international laws against drug trafficking have not significantly dented the traffickers’ incomes,” said Obluk. “So there’s little reason for us to believe that laws against criminal behaviour in cyberspace will have much impact on online fraud. There is simply too much money to be made.”