While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty.
- We will see increased interest in digitally signing malware using stolen code-signing digital certificates.
- Expect an increase in native 64-bit malware, especially rootkits (may tangentially tie into digital certs, above).
- Do not expect to see much in the way of additional BIOS-flashing trojans (a/k/a Mebromi), although interest and research in this area by malware authors is likely to increase.
- There will be some increase in rogue Bitcoin mining clients, with the volume mirroring the value of this digital currency.
- We will see increased use of social networks' realtime search results for social engineering and Black Hat SEO.
- Poisoned search engine results will continue to be a popular way of distributing malware.
- There will be a shift away from legitimate, commercial runtime packers and code obfuscators to black ones (i.e., those developed by or for the malware ecosystem) as the taggant system developed under the auspices of the IEEE Standards Association begins to get deployed.
- The use of software wrappers by file download sites seeking to monetize downloads will increase; those that are poorly implemented or have unwise default settings are likely to be classified as PUAs.
- We expect a fair amount of FUD about Windows 8's anti-malware functionality; basically, the same things we heard with Windows Vista and Windows 7.
- There will be reports of a vulnerability in the forthcoming Windows 8 that is called a "major security flaw" only to find out—a few days or perhaps a week or so later—that it cannot be conventionally exploited or remains firmly in the realm of the theoretical.
- No actual malware for Windows Phone 7 will appear, although we will see some increased interest in security for the Windows Phone platform as it becomes more popular.
- Win32/Conficker will remain in the Top Ten threats for the year but continue to decline as computers and networking infrastructure are replaced. However, the Conficker Working Group will still need to continue its efforts.
The future is, of course, notoriously hard to predict, but that does not mean we should not attempt to do so. Predicting your opponents' next moves is something of a tradition in the anti-malware field, and sometimes that works rather well, especially in the case of proactive technologies like heuristics and generic signatures.
Regards,
Aryeh Goretsky, MVP, ZVSE
Distinguished Researcher