Last month, scores of popular websites were hit with a nasty surprise. Visitors to sites run by The Economist, Major League Baseball and Canada.com, to name a few, were greeted by adverts pushing antivirus software. The software, of course, was a hoax. What customers were clicking on (and it was hard to avoid) was a type of Trojan, a malicious program that typically installs itself on a user’s hard drive and takes control of a computer or scans it for juicy details such as bank accounts and PIN details.

This particular piece of malware was passed on by DoubleClick’s DART ad-serving technology, software used by some of the world’s largest websites to call up an advert from its inventory and display it on a certain web page. As far as any specialists could tell, it was the first time malevolent coders had been brazen enough to distribute their nasty Trojans via banner ads on some of the web’s most popular and most trusted sites.

DoubleClick says it now scans all ads to ensure they are legit. But the genie is out of the bottle.

Even if DoubleClick, which is in the process of being acquired by Google, succeeds in filtering out Trojans, there are scores of smaller, less sophisticated ad-serving services in operation that could fall prey to the trick, according to Yuval Ben-Itzhak, CTO of San Jose-based IT security firm Finjan.

And, it should be noted, the first volley of adverts were menacing, tipping off most computer users that this was a no-go zone. The same trick is being tried using the softer sell, including dodgy offers for free porn, which might trip up the incautious computer user.

“We expect more of this type of attack in 2008,” says Mr Ben-Itzhak.

Here are some other predictions from Mr Ben-Itzhak, a 15-year-veteran of the IT security industry, for the year ahead.

Web 2.0 Trojans: Until now, most virus writers programmed their Trojans – whether they were designed to turn an infected PC into a spam machine or to sniff around for personal details – to communicate with a remote computer server set up by the malicious coder. This server would either store the details obtained from infected PCs or send fresh commands to the zombie machines to start delivering spam messages. The problem for the coder is that the server, which carries an IP address, is ultimately traceable. To mask their whereabouts more effectively, coders are using free blog publishing software from the likes of Google and Microsoft to set up blogs and Web 2.0 sites, replete with RSS feeds, to communicate with its legion of Trojan-infected machines. “The Trojan 2.0 is next the trend in cybercrime. We’re already seeing gangs in Russia and China attacking in this way,” Mr Ben-Itzhak says.

Encrypted malware: As antivirus software continues to shoot down the latest waves of malware, coders are beginning to turn to encryption. Antivirus companies will have to respond by penetrating further into the malicious code in order to stop its distribution. Many will go through undetected.

Installed malware on legitimate websites: As the DoubleClick DART gambit proved, the best way to spread malicious code is to go the most popular sites. Unless major publishers regularly scan their content and advertising inventory for dodgy code, there will be more repeats of last month’s event, Ben-Itzhak says.

Malicious widgets: Widgets, those little pieces of code that create calendars, clocks and maps for personalising websites, are incredibly popular, the perfect vehicle to install a nasty program. Mr Ben-Itzhak has seen a growing number of occurrences of virus writers hijacking and amending an existing widget to include malware or programming a benign-looking widget in the hope of getting an unsuspecting user to download it.

And, a bit further out:

Mac- and PDA-based malware: Every year, there are predictions that virus writers will diversify beyond the Windows-based OS world to prey on the growing number of smart devices and Macs now in use. It simply isn’t happening with the frequency that was first predicted. For example, two years ago security specialists were predicting 2006 would be the year of the PDA exploits. That could change, though probably not dramatically in 2008. As Mr Ben-Itzhak says, “Hackers go where the people are. Once you build a critical base of users, they’ll be there.”

---

Bernhard Warner, a freelance journalist and media consultant, writes about technology, the internet and media industries. He can be reached at techscribe@gmail.com