A dozen predictions for 2012

While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty.

  • We will see increased interest in digitally signing malware using stolen code-signing digital certificates.
  • Expect an increase in native 64-bit malware, especially rootkits (may tangentially tie into digital certs, above).
  • Do not expect to see much in the way of additional BIOS-flashing trojans (a/k/a Mebromi), although interest and research in this area by malware authors is likely to increase.
  • There will some increase in rogue Bitcoin mining clients, with the volume mirroring the value for this digital currency.
  • We will see increased use of social networks' realtime search results for social engineering and Black Hat SEO.
  • Poisoned search engine results will continue to be a popular way of distributing malware.
  • There will be a shift away from legitimate, commercial runtime packers and code obfuscators to black ones (e.g., developed for/by malware ecosystem) as the taggant system developed under the auspices of the IEEE Standards Association begins to get deployed.
  • The use of software wrappers by file download sites seeking to monetize downloads will increase; those that are poorly-implemented or have unwise default settings likely to be classified as PUAs.
  • We expect a fair amount of FUD about Windows 8's anti-malware functionality; basically, the same things we heard with Windows Vista and Windows 7.
  • There will be reports of a vulnerability in the forthcoming Windows 8 that is called a "major security flaw" only to find out—a few days or perhaps a week or so later—that it cannot be conventionally exploited or remains firmly in the realm of the theoretical.
  • No actual malware for Windows Phone 7 will appear, although we will see some increased interest in security for the Windows Phone platform as it becomes more popular.
  • Win32/Conficker will remain in the Top Ten threats for the year but continue to decline as computers and networking infrastructure are replaced. However, the Conficker Working Group will still need to continue its efforts.

The future is, of course, notoriously hard to predict, but that does not mean we should not attempt to do so.  Predicting your opponents' next moves is something of a tradition in the anti-malware field, and sometimes that works rather well, especially in the case of proactive technologies like heuristics and generic signatures. 


Aryeh Goretsky, MVP, ZVSE
Distinguished Researcher

Author Aryeh Goretsky, ESET

  • Floyd Florence

    If some religion, some philosophy and some science angles bear any fruit (zero point science) the only computer concern of note will be that of the Mind (and brain) and the only viruses will be that born out of fear (negative thought, if you will) and thusly, perhaps all our technological woes will be for not… I'm just saying, but what do I know… It makes as much sense to me as any of the predictions I've read hear today.
    I don't say this to diminish what the author has written hear, quite the contrary… In part, to emphasise, no one really knows but one things for sure, and you can count this as my prediction, "The next year will be one of the most (if not the most) interesting, thought provoking and cosmologically world citizenry engaging of all recorded time!"

    • Aryeh Goretsky

      Hello Floyd,

      Thanks for your feedback; given that malicious software is more of a problem for commodity computer systems these days than the mind or brain, I do not really feel qualified to make predictions about threats and defenses there. That said, certain malicious activities like social engineering can be combated with techniques like user education, and ESET’s ESETUSA channel on YouTube is a great resource for educational videos, as is the Securing Our eCity web site.


      Aryeh Goretsky

Follow us

Copyright © 2017 ESET, All Rights Reserved.