Predicting the future of Internet threat activity is a bit likepredicting the weather; it is primarily accomplished with theapplication of science and technology, but it also includes the skillof human observation. The "Future Watch" section of the recentlyreleased Internet Security Threat Report, Volume XI, uses allof the resources available to Symantec, some of which include theSymantec™ Global Intelligence Network, the BugTraq™ mailing list, theSymantec Probe Network, as well as malicious code data gathered alongwith spyware and adware reports from over 120 million client, server,and gateway systems that have deployed Symantec’s antivirus products.We also consult with our numerous security experts who, like goodweather forecasters, don't have to wait for the clouds to know a stormis coming.
Between July 1 and December 31, 2006, Symantec blocked over 1.5billion phishing messages, an increase of 19 percent over the firsthalf of 2006. One of the predictions Symantec makes in "Future Watch"is that phishers will expand the scope of their targets and develop newtechniques to evade antiphishing solutions. Symantec has alreadystarted to see techniques to counter the effectiveness of block lists.In addition, attackers may already be using ready-made phishing kits,which have tools that an attacker can use to easily construct phishingemail messages and Web sites based on a template. Symantec has alsoobserved that phishers are starting to adopt a technique known asintelligence lead phishing. This is a practice in which the phishercompromises a database or social networking site to obtain userinformation. This information is then used in a targeted phishingattempt against the user in question.
Symantec also speculates that phishing and spam will target mobiledevices in greater numbers. There is a logical evolution from email toSMS and MMS as transport mechanisms for phishing and spam attacks. Thisis due in part to the fact that the technological and proceduraldefenses for devices deploying these services may not be as welldeveloped or as widely deployed as those for other platforms. Threatsagainst these surfaces have been rare thus far. As a result, users aremore likely to trust those messages and to act on them. As the costs ofSMS services goes down, the likelihood that these gateways will be usedfor spam activities will increase. Cellular operators will likely beforced to invest in filtering technologies to combat this growingproblem.
Symantec is also closely watching the issues surrounding MicrosoftWindows Vista, and Vista and third-party software. Symantec notes thatthreats posed to Microsoft’s latest operating system, Windows Vista,are becoming evident (visit our Windows Vista SecurityWeb page for more information). Microsoft’s implementation ofmitigating technologies, such as address space layout randomization,GS, and data execution prevention, could reduce the successfulexploitation of any vulnerabilities that are discovered. Nevertheless,Symantec expects that new threats for Windows Vista will utilize olderexploitation techniques that have been previously successful in orderto bypass improvements in Windows Vista. For example, attackers mayrevert to attacks that utilize email, P2P, and other social engineeringtechniques. In addition, existing malicious code may also pose aproblem for Vista.
Symantec also points out that the release of Windows Vista makesthird-party software security paramount. With the advent of Vista andthe continued use of the Security Development Lifecycle, it is likelythat Microsoft-authored code will become more difficult to exploit. Asa result, attackers may turn their focus to common third-partyapplications that are authored by companies that have not employed theSecurity Development Lifecycle or other secure development practices,and, therefore, may be less secure.
For details about the predictions Symantec makes in "Future Watch"and information about current Internet threat activity, please see therecently released
Internet Security Threat Report, Volume XI.