ScanSafe predicts Web 2.0 exploits and roaming workers to top security threats in 2008

Leading Provider of Web Security-as-a-Service Identifies the Top 5 Security Threats Facing Web Users in 2008

(PresseBox) (LONDON and SAN MATEO, Calif.)
ScanSafe, the pioneer and leading provider of Web Security-as-a-Service, today issued its 2008 security threat predictions. Topping the list—a continued growth in malware hidden on Web 2.0 sites and heightened security risks related to the growing number of remote and roaming workers. The full list of predictions includes:

1. Cyber Criminals Follow the Money: Web 2.0 Will Continue to Fuel High Profile Attacks
2. Remote and Roaming Security Becomes a Growing Pain Point for Businesses
3. Continued Pressure to End Public Disclosure of "WhoIs" Information
4. Growing Underground Market for Warehousing and Selling of Stolen Database Information
5. Storm Worm Hangover Continues Well Into 2008

"Cybercrime is estimated to be a 100 billion dollar-a-year industry," said Mary Landesman, senior security researcher and head of the ScanSafe Security Threat Alert Team (STAT). "According to the SANS Institute, the average lifetime of an unprotected PC on the Internet is 30 minutes before over 55 percent of them are infected with some form of spyware. With odds such as this, users and corporations alike must be vigilant. The 2008 threat landscape further highlights the need for improved user education and awareness. At the same time, solutions need to find a balance between security and usability, making it as easy as possible for people to integrate security into their everyday business and consumer communication habits."

ScanSafe scans more than 7 billion Web requests and blocks more than 70 million Web-based threats each month, providing valuable data for analysis as well as validating statistics in support of its 2008 predictions.

1. Web 2.0 Will Continue to Fuel High Profile Attacks

The explosion in popularity of Web 2.0 applications has made Web 2.0 sites an increasingly rich target for cyber criminals. MySpace alone boasts more than 200 million users. Web 2.0 applications will remain a key source of Web-based malware in 2008 and beyond. Examples include:

- Social Networks Present Continued Risks to Corporate Reputation and Data Leakage: Social networks, blogs, wikis and other collaborative sites pose an ongoing risk of employees deliberately or inadvertently discussing proprietary corporate information, office gossip or posting inappropriate information. For example, in 2007, the CEO of Whole Foods posted disparaging comments about a competitor on a financial blog.
- Gaming and Other Virtual Environments Become a Growing Target: The continued popularity of massive multiplayer online games (MMOs) like World of Warcraft, City of Heroes, Ragnarok Online, and other MMOs will continue to fuel a black market economy in in-game currency and rare items. This economy will be supported through the use of backdoors, bots, and password-stealing Trojans that target the users of these games, compromising their account details and trafficking the stolen goods to less talented players seeking instant status.
- Second Life Sites Emerge as a Hacker Target: Second Life and other avatar-driven virtual worlds will likely emerge as targets for pranksters or malware authors. Second Life residents logged 24 million usage hours in September 2007, according to an October Reuters report on the virtual 3-D world. Residents have already been plagued with bots such as the CopyBot, which fleeces the virtual avatar of items they have purchased or developed in-game.
- Malware Authors Will Continue to Leverage Online Advertising to Seed Attacks: In 2007, ScanSafe identified numerous instances of malware hidden in banner ads, including a Trojan-laced banner ad displayed on high profile sites such as MySpace and PhotoBucket. The ad required no user interaction to activate infection. The complex network of ad providers and ad affiliates has made it easy for attackers to surreptitiously insert malicious advertising.
- Social Engineering Tactics Evolve With the Web 2.0: User communities based on common interest remove physical proximity boundaries, paving the way for trust relationships between virtual strangers. Attackers can exploit the trust relationships that develop within these communities, and often do so by hijacking the account of a trusted user.
- False Trust: Additionally, the trust relationship the user has with the site itself may cause them to automatically trust content coming from that site. For example, a user would understandably be more likely to allow ActiveX controls or allow JavaScript from a site which they visited frequently. If the site has been compromised in some way, either through exploit of a vulnerability or via third-party delivered content, this blanket trust can lead to so-called drive-by infections – even from otherwise perfectly legitimate and honorable sites.

2. Remote and Roaming Security A Growing Pain Point for Businesses

The workforce has expanded well beyond the four walls of the office. According to research from WorldatWork, 45 million Americans work from various locations outside the office including home, hotels, airports, cars and other hotspots. As more employees are required to work remotely for their positions, and as many companies offer telecommuting as a job perk, it has become increasingly challenging for IT administrators to enforce policies for appropriate use of corporate resources—including use of the Internet on corporate-issued laptops. While employees enjoy the benefits of being un-tethered from the office, IT departments are left to address the unique security challenges that the roaming worker and an increasingly elastic network perimeter present, and that are beyond the scope of a VPN tunnel.

3. Continued Pressure to End Public "WhoIs" Information

Expect the heated debate over whether or not to continue to make "WhoIs" database information—the information that ties an Internet domain name to the owner of the site—public to continue in 2008. Privacy advocates and others are urging ICANN, the international body that oversees domain names, to end the ability for anyone to do a "WhoIs" lookup, arguing it infringes on website owners’ privacy. Current methods provide a means for legitimate users to suppress public display of their private information. The real beneficiaries of the removal of WhoIs will be the attackers themselves. As criminal profits continue to soar on the Internet, these same entities will likely actively lobby for and pursue changes that create an Internet environment even more conducive to carrying out online crime.

4. Growing Underground Market for Warehousing and Selling of Stolen Database Information

In 2007, data theft hit new records. Discount retailer T.J. Maxx, parent of T.K. Maxx, reported data theft involving 45.7 million credit and debit cards. In late November, the British Government announced that the complete personal data of 25 million individuals had been inadvertently lost—the largest data loss in the country’s history. Given the frequency of such large scale data vulnerabilities, expect to see a growing underground market for confidential personal information. ScanSafe predicts an increase in the selling and servicing of stolen contact databases, mimicking what is seen in 'legitimate' data warehousing.

5. ‘Storm Worm’ Hangover Continues Well Into 2008

The Storm Worm dominated the security landscape in 2007 and its effects will continue to be felt in 2008. However, there have been several misconceptions about Storm. Contrary to popular belief, the Storm family of threats evolved in 2006. In January 2007 one of the variants of the email carried the subject line "230 dead as storm batters Europe". This email coincided with a very real and deadly storm in Europe, hence earning its nickname "Storm worm". But the basic infrastructure for Storm has been around for a while. The real take-away from Storm is that it is a well thought out, extremely organized series of attacks which have led to the creation of one of the largest botnets, estimated to be well over 1.5 million infected machines at any given time. Expect this botnet to be leveraged by cyber criminals in 2008 and beyond.

For continued discussion of 2008 security predictions as well as the latest information on Web-based threats, please visit the ScanSafe STAT blog at