Who will find the first major security flaw in Windows Vista? Will it be released as zero-day? Is there an end in sight to the botnet menace? Is spam close to being canned? Just who are these criminals
Those are just a handful of the hot-button topics that will dominate the security news headlines in 2007—right alongside the never-ending debates on responsible disclosure, more “month-of-(pick a vendor/product)-bugs” projects and new research into offensive/defensive rootkits.
A bold prediction on spam
One of the most unlikely predictions for 2007 comes from SecureWorks malware researcher Joe Stewart: spammers will have to evolve and find new attack techniques if they intend to maintain their level of profitability.
Roughly translated, Stewart believes the massive surge in spam e-mail will taper off in 2007, unless spammers find new tricks to bypass a hardened Windows Vista and improvements to existing anti-spam technology and techniques.
In an entry on the SecureWorks blog, Stewart argued that Vista will force spammers to deliver payloads through social engineering attacks and even that might become more difficult in the future, with Microsoft venturing into the anti-virus and trusted computing arenas.
“Another factor which will have a huge impact is the release of the SpamHaus PBL blocklist, scheduled for release in December 2006,” Stewart added.
The PBL, or Policy Block List, is a database of IP address ranges that should not be sending mail “direct-to-mx” to other ISPs.
Stewart explained that spammers depend on these dial-up and DHCP-based broadband connections and, with the extensive reach of SpamHaus’ blocklists, widespread adoption of the PBL “will be very detrimental to spammers, as entire IP blocks where their zombie spam bots live will be unable to send mail to a large part of the Internet.”
He is quick to caution against declaring victory against spammers because, “there’s simply too much money in the spam business.”
“They [spammers] will be forced to take one of two routes—send mail through the user’s ISP mail server or reach out to find static hosts that can be compromised for the purposes of sending mail,” he predicts, noting that the first method usually fails when an ISP gets wise to the amount of mail clogging the outbound mail server queue.