I know it's customary to simply rattle off a "top 10 list" of bullet points related to possible security predictions further along in the year, but I thought I'd rather go into a little more detail with this one. As such, my bullet points are few, but my concerns are many.
What does the year hold? Lots and lots of problems for Myspace, from the looks of it. Don't forget the other Social Networking sites (such as Facebook and Orkut) too. Of course, claiming there will be issues for these sites is perhaps to state the completely and utterly obvious, but we're barely a week into the new year and already we have:
* Fake "friend adds" from someone posing as "Myspace Tom" trying to sell you ringtones;
* Zango in the news regarding an application on Facebook apparently designed to push popup adverts;
* Sites that provide services for Myspace in the line of fire too.
However you look at it, Social Networking is currently where all the action is, and - in the same way that some of the biggest security stories of 2007 were web 2.0 escapades, expect a lot more of the same this year. Although Facebook and Orkut have experienced a surge in recent months with regard malicious (and supposedly "non malicious") attacks, Myspace will clearly remain the breeding ground for new techniques and attacks launched upon end-users.
Myspace shows no indication of locking down the functionality on end-users pages that makes it easy for bad guys to cause trouble, and while the ability to post videos, music and custom backgrounds to your page is appreciated, the problems and security issues these same "bonus features" create is not so welcome.
If there is a major security breach involving Myspace, will they even be able to react in time given the responses I was met with when trying to warn them of an issue recently?
Sadly, it seems like a distant prospect at this point.
Instant Messaging attacks fell under the radar a little bit with regards major breaking stories in 2007, but it's worth remembering that these hijacks are still out there in full force, even if we are all currently dazzled by the slow motion trainwreck that is the world of social networking.
Expect Skype Worms to become more and more commonplace - in fact, these attacks may drop under the radar more than any other, due to the constantly reused infection files by the bad guys. The first part of 2007 brought a flurry of news reports as we discovered a network jumping Skype Worm - however, the current attack of choice continues to be reworked Warezov variants, and this can only mean one thing - lack of coverage and a general sense of "looking for something more interesting" as we all grow tired of Warezov variant number 600,308 rumbling across the Skype network.
Of course, these attacks will still continue to be successful, whether we continue to read about them or not.
With that in mind, it's time to make a few small predictions for the older IM networks - well, one, actually. Expect more custom built infections for geographical areas you wouldn't have previously expected to be exploited. The Singworm (targeting MSN users in the Singapore region) springs to mind. As researchers grow tired of seeing the same old hijacks time after time and start to explore what's lurking in other regions, we'll start to read about new and interesting attacks from further afield. In some ways, that's already happened with regards the area of Adware - as the "old guard" of companies such as Zango, Direct Revenue and DollarRevenue either go out of business or reform, researchers have started to look at the "next generation" of Adware coming out of China.
Sadly, there will be more than enough for us to get to grips with. Indeed, we might start pining for the more straightforward threat landscape we knew and understood as we spend the year being battered by sales pitches in Chinese, EULAs in Korean and hacking forums written in Malay.
