Innovation is down but the number of malware variations has gone way up. F-Secure said the volume can be attributed to bad guys using malware generator kits. Not only that, but exploit production techniques have been refined for much greater effectiveness.
Among the most prolific malware in 2007 were Rock Phish, Zlob, and the Storm worm. Rock Phish is a phishing site creation tool that made its debut in 2005 and its use soared through 2006 and 2007.
Zlob is a social engineering tool that tricks people into thinking that they need to download a new video codec in order to access some sort of alleged media. The tool's intention is fool people into purchasing software that nothing less than rogue in nature. Storm was very effective at penetrating systems and turning them into members of botnets. Storm variants use email and Web sites to infect systems quickly.
Equally as effective are kits like MPack, IcePack and Neosploit, all of which let operators quickly generate exploits for vulnerabilities in multimedia tools, browsers, and other common desktop applications.
Compounding the overall security problem were a long list of irresponsible data handling incidents, all of which led to data breaches that exposed the private information of well over 70 million people, and that number could quite possibly be well over 100 million.
On the mobile computing front is concern for mobile phone security. F-Secure, said that Symbian's mobile phone OS, S60 3rd Edition, has so been very effective in stopping the influx of malware. What does affect the latest OS is spyware.
A spokesperson for F-Secure said that "What we saw during \[in 2007\] was volume. Malware authors are criminals and as time passes they are becoming increasingly professional at their business. Kits and commodities markets are the result. The tools of online crime are being produced professionally. The purchased kits are producing malware in bulk. The stolen data is traded as commodities on underground auction sites. It's easy money with plenty of cover from law enforcement. What will we see in 2008? More of the same — lots more of the same but better, stronger, faster \[...\] 2008 will be a challenge of endurance."