Will the New Year bring new malware?

New Year’s Day is traditionally a time for reflection and speculation. Here are a few of my musings on the kinds of threats that we can expect in 2009.

Over the last year, we have seen the continued rise of USB-aware malware (so much so that the US Army banned USB drives), bringing the sneakernet malware vector back from the grave.

  • Will administrators get on top of the problem? (advice on how to combat USB-aware malware is here)
  • Will the problem of USB-aware malware spread to other OSes? NB: Ten years ago, Mac/Autostart-A was doing something similar to the USB-aware malware of today.

When the AV industry first saw sneakernet as a malware vector it was due to boot sector viruses, and this last year has seen a resurgence of them (last month I blogged here). I suspect that this threat can only grow in the next twelve months.

At the end of this last year we saw a network-aware worm spread via an exploit (W32/Confick-A). Will this exploit be as big as the LSASS exploit (remember Sasser)?

We are awaiting the release, hopefully in the first half of 2009, of Internet Explorer 8 (IE8). The security experience of IE7 was much better than IE6 and we hope that IE8 will do better still.

So what other old threats will resurface this year disguised as new malware? Will we have a new WM/Concept or XM/Laroux? There is a truism in the Anti-Malware world, coined by Jimmy Kuo (ex-McAfee, now with Microsoft), that “it takes about 18 months for an OS/application to be exploited by malware”. Microsoft Office 2007 has either broken the trend or is long overdue for attack.

Which threats do you think will resurface? Do you think Office 2007 is immune from attack? If so, or if you have anything else you would like to share, please contact the blog via sophosblog@sophos.com.

Happy New Year!