Botnet armies to rampage in 2005

by Stan Beer
Wednesday, 02 March 2005

Botnets will be the headline-grabbing security threat of 2005, according to communications security management provider Clearswift. Botnets are armies of compromised or zombie PCs used to launch denial of service attacks and to send spam. Their low profile and complexity make them difficult to monitor. Many botnets exploit security weaknesses exposed by worms, as well as infiltrating and taking over other malware.

"Botnets form large, rapidly evolving families and, if left unchecked, will proliferate until much of the Internet resembles a mosaic of botnets," said Peter Croft, managing director of Clearswift Asia Pacific. Even the most trusted websites are at risk of botnets and can become staging posts, used to launch attacks on the unwary surfer.

Clearswift identified these trends during a detailed analysis of the major security threats in 2004. From this data the company predicts that an increase in malicious threats, the growing sophistication of phishing scams and the trend towards multi-functional malware attacks will further intensify the security battleground in 2005.

2004 was a beachhead year with organisations fighting back against criminal groups with successful arrests, lawsuits and co-operative action between ISPs and watchdog bodies. As organised criminal groups become more technically experienced, the commercial sector will present an increasingly attractive target for brand hijacks and DDoS-based extortion rackets and also data theft, probably aided by bribed insiders.

"The move of criminals online will continue to drive the evolution of malicious threats and we're likely to see many more high profile security breaches over the next 12 months," Croft said. Business can no longer rely on firewalls and AV technology for protection - a multi-layered defence is the only way forward. Content analysis and filtering, firewalls, intrusion detection systems and antivirus all represent significant components of the full suit of armour.

Other predictions for 2005:

· Reports of the demise of the mass-mailing worm are very likely to prove premature.

· The trend towards convergence, multi-functional malware, can be expected to continue, with innovative hybrid forms emerging. Extrapolating convergence along with so-called blended threats (using multiple simultaneous spreading methods) suggests higher levels of threat complexity. Additional complexity is emerging with the tendency for virus writers to apply multiple compression techniques to executable files.

· Application and operating system weaknesses will continue to be found and published on full disclosure sites. The speed with which criminals pounce upon published proof-of-concept code and spam out new malware will diminish the case for the full disclosure community. Another consequence will be the criticality of the window of exposure between exploitation of weaknesses and provision of countermeasures, further highlighting the drawbacks of reliance on reactive defences such as antivirus.