Kaspersky: Malware quality drops, quantity rises
Shoddy code and a whole lot of it in 2006
IDG News Service - They just don't make malware like they used to. Or at least like they did earlier this year.
Even low-quality malware, however, is taxing the resources of security companies, since it is being detected in ever-higher numbers.
Over the last six months, the technical creativity of malware has fallen along with the ability to cause massive damage, such as that created by the MyDoom and Sasser worms of years past, wrote Alexander Gostev, senior virus analyst for Kaspersky Lab Ltd., in a recent report.
Gostev's lab intermittently sees highly technical malware, but most is "the same unending stream of Trojans, viruses and worms," he wrote. In many cases, hackers simply take existing malware and create variants, by tweaking the older code to evade antivirus software.
At times, the process is simple trial and error. Malware writers use online scanners such as Virustotal, which check to see if their new code will be detected by antivirus software, said Mikko Hypponen, chief research officer for F-Secure Corp.
If the code is detectable, they can make a slight modification and run it through the scanner again.
"I'd like to tell you that we're winning this war," Hypponen said. "But frankly, I'm not so sure. We need new kinds of solutions."
Because much of the code is not new, it tends to remain effective for shorter periods of time before antivirus companies detect it. Still, the time it takes to identify and create a signature for a new virus, which can range from a few minutes to a few hours, is often long enough for hackers to infect computers.
"Antivirus companies are working at the limits of their capabilities in terms of speed," Gostev wrote.
To be sure, some malicious hackers are doing creative work. This year saw some sophisticated phishing attacks, and virus writers have been branching into relatively new areas like instant messaging and social networking sites, noted Christopher Boyd, security research manager for FaceTime Communications Inc. But the trend overall, he said, has been "quantity over quality."
Kaspersky Lab in Moscow is on the front lines of the battle. Its analysts added 2,000 signatures to their database in January 2005. Last month they added 10,000 signatures -- a five-fold increase, said Stanislav Shevchenko, head of the lab.
The virus analysts work 12-hours shifts, pulling up screen after screen of rolling lines of code. Automated tools analyze some pieces of malware, but human analysis is still needed for others.
A good analyst should process an average piece of malware within 5 minutes, Shevchenko said. But some of the rarer, more creative code is harder to crack. Polymorphic viruses -- ones that can change their byte sequences to throw off antivirus software -- can take up to a week to analyze, Shevchenko said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts