What mutating spyware reveals about the future of security
Computerworld -
According to a July report from the Pew Internet & Americal Life Project, more than 90% of Internet users have changed their online behavior to avoid spyware. That is a remarkably high level of awareness, considering the relative newness of the spyware threat.
The study generally reports on consumer behavior, but as you know, spyware is hardly a stranger to the enterprise. And while it's getting increasing attention from IT managers, it deserves another, closer look. Current developments in spyware engineering foreshadow dangerous challenges for enterprise security. Here's why.
Spyware is literally evolving -- mutating in the wild to avoid detection. This is an ominous trend, and it's getting worse: Cases of mutating spyware have more than doubled since the start of the year. And this is true mutation, unlike simple polymorphism. Impressive though it may sound, a polymorphic threat simply has multiple strains or chooses its name or location at install time, normally from a preset list. Most "mutating" malware in recent years has used these primitive techniques, which even basic signature-based solutions could handle with simple heuristics.
Most of the antispyware products in the field are catching only these weak strains. And though Darwin might have protested invoking natural selection for digital creations, the fittest spyware mutations don't merely survive -- they thrive. With no "predators" to stop them, the mutated spyware often finds an inviting home in the unsuspecting enterprise. This is despite the legions of IT managers who have deployed traditional antispyware products. Unfortunately, these traditional solutions don't work against true mutation, and the IT managers are lulled into a false sense of security. With their guard down, the IT managers prove the old adage that a false sense of security is worse than no security at all.
Why has spyware become such a significant threat so quickly? Money, of course. The riches to be made using many of today's threats -- spyware, spam, even viruses now -- attract serious talent. Indeed, the dirty little secret of the security industry is that the top bad guys are just as smart as the security vendors. Ironically, they share tools and techniques better than most security vendors. And they use the same best practices.
For example, the spyware known as CoolWebSearch is a notorious browser hijacker. There are dozens of variants, some of which actually employ the same auto-update strategy as security products. Auto-updating played a major role in helping the stronger strains stay one step ahead of antispyware products for months. Vendors have been forced to release
Security
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
