We are facing a new generation threats landscape that many analysts are calling Malware 2.0.
Currently we are faced with a numeric explosion of new malware variants. The number of new strains of malware that appeared in 2007 increased tenfold with respect to the previous year. Over the last year, PandaLabs, Panda Security's laboratory for detecting and analysing malware, has received an average of more than 3 000 new strains of malware every day. This represents a malware epidemic, which although silent - with little media coverage and no widespread alerts - is nevertheless equally dangerous.
As regards protection, solutions solely based on continuously updated signature files are no longer sufficient to guarantee users' security. This is evident from the results of a study carried out by PandaLabs, which showed that 23% of home users were infected with malware, despite having a security solution installed and enabled on their computers.
The situation in corporate environments is similar. According to the study, almost 72% of networks with more than 100 workstations were infected with malware.
But conversely it isn't just the en masse bombardment of malware that is dangerous. Targeted attacks using tailor-made malware infect only a few hundred PCs before updating itself with a new undetectable variant to avoid detection by regular anti-virus signatures.
There is constant innovation being displayed by cybercrooks in their malware creations. They now use quality control - ie each variant is tested on the most common anti-virus engines to ensure it is undetected by the majority of them.
Solutions solely based on continuously updated signature files are no longer sufficient to guarantee users' security.
Jeremy Matthews is head of Panda Security's African operations.
Rootkit techniques are now often used within trojans and spyware to create an incredibly advanced program that poses yet another barrier for detection. And some of these very rootkits have become so canny that they know whether they're running within a virtual machine environment, responding accordingly.
One of the scariest new threats is the packer: a nifty tool that can modify and compress an executable file by encrypting and changing its form from its executable format to something far more innocent like a .doc or .pdf - thus evading signature-based detection.
Currently most infections occur in stages - most of today's malware has a tendency of using a two-staged attack as its main infection technique either by exploiting known or zero-day vulnerabilities or by using small downloaders which change rapidly to evade detection. Now, however, it is only a matter of days before a vulnerability is taken advantage of (whereas in the past it would have taken weeks or months).
Panda recently reported that half a million computers are infected by bots - programs that go resident on a computer awaiting commands from their creators, who can then take complete control of the infected system. Once they have control over several hundred computers, cyber-crooks can hook them all up to create botnets. These botnets will be controlled remotely not only through IRC (as has often been the case), but also P2P (instant messaging) networks or the HTTP (Web) protocol. Because the latter two have stronger communication encryption, they are more difficult to detect and shut down.
* Jeremy Matthews is head of Panda Security's African operations.
Share