What mutating spyware reveals about the future of security
Computerworld -
According to a July report from the Pew Internet & Americal Life Project, more than 90% of Internet users have changed their online behavior to avoid spyware. That is a remarkably high level of awareness, considering the relative newness of the spyware threat.
The study generally reports on consumer behavior, but as you know, spyware is hardly a stranger to the enterprise. And while it's getting increasing attention from IT managers, it deserves another, closer look. Current developments in spyware engineering foreshadow dangerous challenges for enterprise security. Here's why.
Spyware is literally evolving -- mutating in the wild to avoid detection. This is an ominous trend, and it's getting worse: Cases of mutating spyware have more than doubled since the start of the year. And this is true mutation, unlike simple polymorphism. Impressive though it may sound, a polymorphic threat simply has multiple strains or chooses its name or location at install time, normally from a preset list. Most "mutating" malware in recent years has used these primitive techniques, which even basic signature-based solutions could handle with simple heuristics.
Most of the antispyware products in the field are catching only these weak strains. And though Darwin might have protested invoking natural selection for digital creations, the fittest spyware mutations don't merely survive -- they thrive. With no "predators" to stop them, the mutated spyware often finds an inviting home in the unsuspecting enterprise. This is despite the legions of IT managers who have deployed traditional antispyware products. Unfortunately, these traditional solutions don't work against true mutation, and the IT managers are lulled into a false sense of security. With their guard down, the IT managers prove the old adage that a false sense of security is worse than no security at all.
Why has spyware become such a significant threat so quickly? Money, of course. The riches to be made using many of today's threats -- spyware, spam, even viruses now -- attract serious talent. Indeed, the dirty little secret of the security industry is that the top bad guys are just as smart as the security vendors. Ironically, they share tools and techniques better than most security vendors. And they use the same best practices.
For example, the spyware known as CoolWebSearch is a notorious browser hijacker. There are dozens of variants, some of which actually employ the same auto-update strategy as security products. Auto-updating played a major role in helping the stronger strains stay one step ahead of antispyware products for months. Vendors have been forced to release
Security
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

