Proactive malware response needed

By Leon Engelbrecht, ITWeb senior writer
Johannesburg, 22 Feb 2007

Traditional anti-virus solutions are worthless against a targeted malware attack or zero-day exploit, says Jeremy Matthews, MD of Panda Software SA.

He says companies need proactive technologies to block these. "There is no such thing as 100% foolproof security. But reactive technologies are still the most effective way of blocking known malware."

Matthews believes combining reactive technologies, or signature scanning, with passive-proactive technologies, such as firewalls, and proactive technologies, like heuristic engines, is far more effective.

"Traditional anti-virus refers to signature-based detection," says Matthews. "This is a reactive process, which implies a number of users getting infected first and then sending on the malware information to their anti-virus provider. The research lab will then prepare a signature file update and the malware will be removed from the infected computers once they update. It will also block the malicious file on all updated computers in the future."

However, hackers now operate faster than this business cycle, delivering malware to target computers faster than anti-virus providers can generate signatures and patches.

Malware audit

In 2006, PandaLabs received more samples of new malware than in the past 15 years combined. "While malware creators used to blast the Internet users with their one creation, they now create an infinite number of variants to affect as many computers as possible - and give anti-virus researchers sleepless nights," Matthews says.

"Malware creators are not trying to draw attention to their creations anymore. The 'I love you' virus and other blue screens of death are viruses of the past. Now hackers prepare and use (or sell) one unique variant of malware (mostly Trojans) to infect one unique target. This is known as a targeted attack and is far more dangerous than people realise."

Panda has released Malware Radar, a Web-based on-demand automated malware audit service. "An astonishing 76% of the companies audited during the Malware Radar test phase were infected by malware, even though they had security solutions installed," he notes.
