Malware Shift Creates New Challenges
Over the past few years those monitoring trends on malicious Internet activities have noticed a significant change.
We are seeing a sizeable decrease in the media-grabbing pandemic outbreaks of malicious software.
Yet with fewer headlines on high-risk infectors, we are still seeing an increasing overall number of malware infections. It is this new breed of malware that is costing industry millions every year, yet no one seems to know about it.
One might be fooled into thinking that the lack of media attention on virus outbreaks (like Melissa, LoveLetter, Sobig.F, etc.) means the casual Internet user is less exposed to infections from malicious software. Sadly, this is not the case at all! While the volume of widely distributed malware has declined, the total figure for malware infectors has increased significantly. The amount of malware in the wild is far more significant than the attention particular pieces of malware get in determining your risk of exposure to malware threats.
Virus definition lists are growing at around 1000 new signatures every day, and it is not uncommon for this to reach several thousand in a day. Long-standing customers of my company will have seen that in the past 18 months we have released more signatures than in the previous 15 years. This is a significant indicator of the number of different pieces of malware in the wild.
The sheer volume of malicious software created also makes it more difficult for the anti-virus and security industry to determine precise names for the culprits. The recent family of worms called W32/Stration by Norman was also given names like Email-Worm.Win32.Warezov and W32/Spamta.worm by other anti-virus vendors. This of course further adds to the confusion in determining the threat situation accurately.
This shift in the landscape has not been accidental. The large-scale outbreaks we have seen previously have shown that malware can indeed be a very powerful tool in the right hands. While we still have the odd occasion where the so-called script kiddies are intent on creating havoc and making a name for themselves, the majority of malware now comes from persons or organisations involved in criminal activity with significantly more resources at their disposal.
In this environment the malware is often created to target one specific company or group of companies, making it very hard for the anti-virus industry to obtain a sample of the threat and provide signature updates to protect against it. Malware of this type is often short-lived; however, once it has proved it can do what it was intended for, variants are then created at an alarming speed. In these instances authors often use sophisticated techniques to obscure the fact that a new variant is close to a previous one, thus complicating the anti-virus vendors' ability to detect a particular malware family in a generic way.
Add to this the increasing trend for malware authors to use blended attacks to take advantage of zero-day vulnerabilities within applications, and it is quite easy for a piece of malware to remain undetected for some time without any cure being available - after all, if you don't know you have it, why would you think you need protection?
Particular organisations are considered more attractive for targeted attacks using malicious code to infiltrate their systems. In these cases the malware has typically been created bespoke to that company or group of companies, so it often falls below the radar of the anti-virus industry as a whole. Examples of organisations that may be in the danger zone include the banking and insurance industry, high-tech businesses that have developed technology that is seen as strategically important for other competing companies and organisations (or countries), security organisations of all kinds, and well-known brand companies.
This evolving situation has, to some extent, been a new challenge to the anti-virus industry. Getting hold of the new malware, as well as adding new signature files for this threat, has proved more demanding and time-consuming than ever before. The need for protection software that is less dependent on signature-based techniques is seen as paramount. While it is sound business practice to adopt a multi-layered approach to malware protection, it is also a sound policy to ensure that one of these layers incorporates proven technology that offers protection against unknown threats.
David Robinson, Norman Data Defense Systems
BIOS, Jan 16, 07 | Posted In Security