Windows 7 Will Come into the Cross-Hairs of Attackers Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsofts new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
Status: Still possible
Reasoning: Thus far, weve been pleasantly surprised to have seen only one major attack leveraging a vulnerability in Windows 7, though it should be noted that this vulnerability was also present in all of Microsofts supported operating systems. The attack involved a piece of malware known as Stuxnet. It exploited a vulnerability in the way Windows handles shortcut links. Stuxnet was limited in distribution, but it was high-profile because it was the first known piece of malware specifically targeting SCADA systems.
A big reason why we think we have yet to see a major increase in attacks targeting Windows 7, one of Microsofts best selling operating systems ever, is because attackers are always looking for the path of least resistance. With so many bugs in Web browsers and Web-facing third-party applications and plug-ins that are easier nuts to crack, hacking the new operating system has simply not been the preferred method of gaining access to these systems, with rare exception, as already mentioned.
Fast Flux Botnets Increase Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious websites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, Web-based load balancing and proxy redirection, it makes it difficult to trace the botnets original geo-location. As industry counter measures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique to carry out attacks.
Status: Still possible
Reasoning: Thus far this year, we havent seen any major new threats using the fast flux technique. We hope it stays that way, but the reality is that the year is only half over. We have, however, seen the resurgence of an old foe which leverages the fast flux technique. The Storm botnet has recently re-emerged as a top botnet and it continues to use the fast flux technique to hide the website domains behind the hyperlinks it spams out.
We have also seen an increase in threats like Spakrab, a back door Trojan that is typically used to send out spam. This threat uses techniques that result in similar camouflaging effects to fast flux, such as masking command and control server geo-locations by exploiting Dynamic DNS providers. Dynamic DNS is free, easy to set up and allows attackers to use compromised hosts that do not have a static IP address, making their physical location harder to pinpoint.
Sign up for Computerworld eNewsletters.