During the first quarter of 2007, server-side polymorphic malware affected e-mail, exploiting the well-known zero-hour vulnerability of traditional anti-virus solutions. This is according to the 'Q1 2007: Malware Outbreak Trends' report, released by Commtouch.
The research shows how malware writers are using speed, variation and social engineering techniques to mass-distribute their malicious code across the Internet.
"The server-side polymorphic distribution pattern has proven effective for malware writers," says Haggai Carmon, Commtouch VP of products. "This method is so adept at evading anti-virus defences, it is now being adopted on a large scale."
He says that by creating a massive number of distinct variants and releasing them in short, intense bursts, virus writers outpace the anti-virus vendors: signatures or heuristics cannot be created quickly enough to protect against them all. Over 7 000 variants were released by the Storm/Nuwar malware in a single day.
Haggai cites the increasing utilisation of social engineering techniques developed by spammers as another tactic to help spam slip past e-mail users' defences. Malware writers recently began adopting these methods on a large scale to help lure users to open messages and click on attachments.
Using subjects like "230 dead as storm batters Europe", "First nuclear act of terrorism!" and "a bouquet of love", the Storm/Nuwar outbreak in mid-January adopted the tabloid-style e-mail to entice readers, he says.
According to him, virus writers who once focused on searching for vulnerabilities in computer applications are now exploiting the vulnerability of the anti-virus solutions themselves: the zero-hour.
"This new breed of threats is making every hour of an attack a revolving zero-hour, and even the anti-virus solutions need virus protection."