The next year will bring more phishing attacks and bot networks as cybercriminals look for quick profit, Symantec researchers predict.
The second half of 2004 saw an increased use of networks of bots – compromised computers – to send spam, launch denial-of-service attacks or run extortion schemes. The trend likely will continue in 2005, Vincent Weafer, senior director of Symantec Security Response, said in an interview.
“We are seeing these systems being used increasingly for cybercrime,” he said. “What’s happening is the increasing influence of a group willing to pay money for zombie systems and exploits – for things that will make them money, such as getting passwords or cleaning out accounts.”
This year only saw the “tip of the iceberg” when it comes to phishing scams, said Weafer. Smaller ecommerce sites will become targets next year and phishers will use increasingly sophisticated techniques to dupe users.
Weafer said that, unlike virus writers, who often aim to demonstrate new techniques, phishers simply want to use what works. So they’ll continue to solicit people via email. But in the next two to four years phishers may start using instant messaging or voice over IP in an attempt to get people to visit bogus web sites and divulge sensitive data.
Malware in the form of mass mailers will continue to surface in 2005 but is on its way out, said Weafer.
“It’s more effective for someone to use a network infector or a multi-infector, such as phishing, than a mass mailer,” he said, adding that many organizations have rolled out technology to defend against mass-mailer types of malware.
Finding it difficult to break through perimeter defenses, attackers are increasingly focused on the client, Weafer said: “They’re focused on the PC as the weakest link.”