Websense.com / Security Labs / Blogs / Salient security terms for 06...(AKA fuzzy predictions)

Archived Blog

Salient security terms for 06...(AKA fuzzy predictions)

12.27.2005 - 8:19 AM

Previous Posts

December 2005
12/31/2005Last entry 2005 PST. WMF exploits increasing. »
12/31/2005Not so Happy New Years, exploit code in the wild for WMF exploit. »
12/29/2005Trojans that infect through deception. The oldest trick in the book still works wonders. »
12/28/2005Windows zero-day exploit update. »
12/27/2005Potential new unpatched IE exploit ? »
12/27/2005Salient security terms for 06...(AKA fuzzy predictions) »
12/23/2005Holiday Bagles. »
12/21/2005New blaster variant in the wild that download files from website. »
12/19/2005Bah Humbug! Trojan Horse posing as Christmas Greeting. »
12/15/2005Fraudulent Microsoft email with Brazilian banking Trojan Horse. »
12/15/2005Yet another Bagle on the loose. »
12/14/2005Thousands of sites using the recent IE "zero-day". There is now a patch available. »
12/12/2005Tis the Season for Phishing and Crimeware. »
12/07/2005New Sober Variant (Sober.x) »
12/05/2005Air China using malicious JavaScript to install toolbar. »

Archive
Below is a list of some of the topics we  may be seeing in the New Year:

* Web-born worms

Not a lot of these around yet. Myspace and some other online sites were infected, but with the mass amounts of exploits for Web scripting languages and un-patched machines this is bound to happen.

* RSS malcode

Great technology. As more browsers embed this and include exploits,  the frequent / unattended nature of RSS will be used to infect.

* Trojans outpace worms

We already are starting to see this. New Trojans and variants of Trojans are coming out daily in volume.

* Voice-over-IP Phishing (Vishing )

Somebody had to come up with another name :-). Using Voice over the Internet could introduce another means to deceive unsuspecting users to do something they should not be.

* Toxic Blogs

Yes, blogs are everywhere. Including here. Fact is that most of them do not check for scrupulous scripting, scan their file posts, and allow active content in posts.

* Xbot 360

The Xbox connecting over the Internet for updates and other things leads me to believe that this will simply be another way for attackers to use your PC and your connection at home for their own purposes.

* Cross Site scripting attacks

High-profile ecommerce and financial websites have had (and will have cross site scripting vulnerabilities). Attackers will leverage these for Phishing , Trojan Downloader's and for other nefarios reasons more frequently.

Bookmark This Post: