Security Sleuths See Rising Tide of Virtualized Malware





Virtual malware -- nefarious, unwanted software that exists as a virtual layer on a computer's hardware rather than entangling within the main operating system -- will gain in popularity among hackers in the coming years, predicts MessageLabs. Such a threat would be difficult for a computer user to detect, let alone cure.



Virus writers are likely to unleash increasingly sophisticated strains of malware next year in an attempt to bounce back from some high-profile botnet shutdowns in 2008, according to new predictions from managed security provider MessageLabs.

The company predicted that hackers will launch new attacks in which malware will exist as a virtualization layer running directly on the hardware and undiscoverable by the operating system.

"The operating system does not know it's there, and the malware will be intercepting low-level operating system calls," explained MessageLabs senior analyst Paul Wood.



Agile Malware



"The problem will be in realizing it's there and understanding how to clean up, because it's so low-level and tangled up in the operating system that sometimes the only recourse is to reinstall the machine from scratch."

Cyber criminals will concentrate on infecting machines with more agile malware which can switch between tasks as appropriate, said Wood. For example, if a piece of malware determines that the spam it is sending out is being blocked, it could then be told to launch denial-of-service attacks instead.

Mobile malware is also likely to increase in 2009, according to MessageLabs, but not with the goal of infecting devices to create botnets. Attackers will instead seek to make money by subverting the phones so that they call premium rate numbers established by the criminals.



Gone Phishing



Phishing attacks will also increase in sophistication, as criminals target flaws in the Domain Name System (DNS) to launch phishing sites by creating sub-domains in exposed accounts. This method will help to circumvent traditional URL (uniform resource locator) filters that can detect when criminals use typo-squatting techniques, which rely on mistakes made by surfers when entering a Web site address into a browser.

"We have seen legitimate businesses with good domains being taken over in some way," said Wood. "The criminals gain access to the admin function of their DNS console, add sub-domains to their records and then use these domains in phishing e-mails."
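The following is an added example, not from the article or MessageLabs. It shows why a filter that looks for near-miss spellings of a brand passes a phishing host created as a sub-domain of a legitimate domain, while a diff of the zone against the owner-approved hostnames catches it. All domains, records, the brand list and the function names are constructed assumptions.

```python
# Added example. Every domain, record and the brand list below is constructed.
BRANDS = {"examplebank.com"}                              # names the URL filter protects
APPROVED = {"good-domain.example": {"@", "www", "mail"}}  # owner-approved hostnames
ZONE_EXPORT = """\
@                  3600 IN A     192.0.2.10
www                3600 IN A     192.0.2.10
mail               3600 IN A     192.0.2.20
examplebank-login   300 IN A     203.0.113.77
secure.update       300 IN CNAME host.hosting.example.
"""

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def registered_domain(host):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def typosquat_filter(host, max_distance=2):
    """Flag hosts whose registered domain is a near miss of a protected brand."""
    domain = registered_domain(host)
    return any(0 < edit_distance(domain, b) <= max_distance for b in BRANDS)

def unapproved_records(zone, export):
    """Return (name, type, target) for zone records outside the approved set."""
    found = []
    for line in export.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[0] not in APPROVED[zone]:
            found.append((fields[0], fields[3], fields[4]))
    return found

if __name__ == "__main__":
    for host in ("examp1ebank.com", "examplebank-login.good-domain.example"):
        print(host, "flagged by typo-squat filter:", typosquat_filter(host))
    for rec in unapproved_records("good-domain.example", ZONE_EXPORT):
        print("unapproved record:", rec)
```

Run on a schedule against the DNS provider's zone export, the same comparison surfaces sub-domains added through a compromised admin console.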
