Thr trouble with posting predictions is that you force yourself and your readers to look back to see how your last predictions came out. To save you time here is a link to my 2005 predictions. All the easy ones have come true.
Interestingly, the ones that were the greatest "reach" on my part have not. No spyware that installs via FireFox vulnerabilities has cropped up. I wonder why that is? Here is my theory. Spyware writers are lazy and opportunistic. They wait for working exploit code to be developed by uber hackers before implementing it in a drive-by download. They also wnat to get the most return on their time invested. The uber hackers still love FireFox and spend all of their time hacking Internet Explorer, so they do not develop and release FireFox hacks. And, the spyware writers are not financially motivated to invest the resources to target a small percentage of the online community.
There have been no major outbreaks of malware over RSS. But marketeers have discovered RSS. See this example text:
# Get all of your online content and marketing messages delivered to your recipients. No spam filters, no blacklists, no problems. # Win back your customers and prospects by finally getting your messages through to them. # Increase your natural search engine rankings and drive fresh traffic to your website. # Get your content published on other sites, generating more visitors and exposure for your business. # Ultimately, use RSS to increase your sales, develop profitable customer relationships and better monetize your online content. # RSS publishing is easy and using some tools can even be free. You can start using it today without any cost whatsoever!
I still believe that exploitation by spammers and malware writers is not far behind.
OK. Time to make some predictions about the top threats for 2006. Here they are.
Ranked in increasing order of peril.
1. Variations of Netsky. This virulent mass mailing worm will continue to evolve with hackers using new and topical subject headings to get hapless recipients to open emails and continue the spread. 2. Mytob variants. Another mass mailing worm, this one installs a Trojan back door and can be used to install any number of malicious pieces of software. 3. Spear phishing. The idea behind spear phishing is that it is targeted. The attacker usually knows something about their victim; what bank they use, their PayPal screen name, something that improves the odds of success for the attacker. 4. Competitive intelligence gathering by spyware. Numerous petty cases were reported in 2005. Minor incidents like a student using a keystroke logger to get test questions will pale compared to the discovery of high level corporate espionage in 2006. 5. State sponsored hacking. Evidence is growing that certain national governments are using Trojans, viruses, and key stroke loggers to gather industrial and military intelligence. The repercussions from this state sponsored hacking will be felt in 2006.