Q1 Threat Report: Surge in Malware, Drop in Spam
With six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history.
Viruses and malware always seem to be in the trade press headlines, but in many ways they have become the IT equivalent of death and taxes - you know they are coming, you prepare the best you can and after that, things are just kind of out of your hands.
Our Mike Vizard wrote this week that a sense of complacency has set in when it comes to dealing with malware. Standard signature-based anti-virus solutions simply can't address brand-new, zero-day attacks - the security vendors haven't had any time to add the new threats to their protection matrix. A broader scope of malware protection, which includes monitoring for intrusion and anomalous activity on the network, is needed to respond quickly to malware, which continues to be on the rise.
Here in the IT Downloads library, we have several tools and resources to help you safeguard your network against malware and viruses - and other things that go bump in the cyber night. These tools are all free to download for IT Business Edge members.
The document also goes into great depth about the differences between interpreted viruses and compiled viruses and the ways they go about obfuscating themselves, such as polymorphism and armoring. After running through best steps for hardening your network protections, the report also discusses Intrusion Prevention Systems, currently your best bet for ferreting out weird activity that probably means you've been infected.
Malware Threats and Mitigation Strategies, a 10-page report from US-CERT, can serve as a solid checklist for anyone who wants to do a self-audit of their malware defense stance. In addition to some general housekeeping advice - if you still let anybody plug a thumb drive into your systems without forcing a scan, you are going to get infected - the report also suggests that network admins routinely monitor for suspicious activity.
Firewall, DNS server and proxy server logs should be scanned for anomalies like:
It's not a magic, all-in-one solution to fighting malware. But then again, there is no such thing.
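The report's advice to scan DNS and proxy logs for anomalies is easy to state and less easy to turn into something that runs. The script below is an added example, not code from the US-CERT report or from IT Business Edge: it reads a constructed resolver log (one line per query, in an assumed "timestamp client_ip record_type name" layout), counts queries per client, and flags any client whose volume is a statistical outlier against its peers using the median/MAD rule. The 3.5 cutoff and the MAD floor of 1.0 are this example's own choices.

```python
"""Flag clients with anomalous DNS query volume in a resolver log.

Added example for this post, not taken from the US-CERT report. The log
format is constructed for the example:
    <timestamp> <client_ip> <record_type> <queried_name>
"""
from collections import Counter
from statistics import median

# Constructed sample log: five clients with typical volume and one client
# (10.0.0.9) that issues far more queries than its peers.
_NORMAL = {"10.0.0.1": 2, "10.0.0.2": 3, "10.0.0.3": 3, "10.0.0.4": 4, "10.0.0.5": 5}
_LINES = []
for _ip, _n in _NORMAL.items():
    for _i in range(_n):
        _LINES.append(f"2011-03-01T10:00:{_i:02d} {_ip} A host{_i}.example.com")
for _i in range(25):
    _LINES.append(f"2011-03-01T10:01:{_i:02d} 10.0.0.9 A q{_i}.lookup-test.invalid")
SAMPLE_LOG = "\n".join(_LINES) + "\n"


def parse_clients(log_text):
    """Count queries per client IP, skipping blank or malformed lines."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # not a well-formed query record
        counts[parts[1]] += 1
    return counts


def flag_anomalous_clients(log_text, k=3.5):
    """Return [(client, count, robust_z)] for clients whose query count is an
    outlier by the median/MAD rule: robust_z = (x - median) / (1.4826 * MAD).

    k=3.5 is the customary cutoff for this rule. MAD is floored at 1.0 so a
    log in which most clients have identical counts does not divide by zero
    and does not flag every one-query deviation.
    """
    counts = parse_clients(log_text)
    if len(counts) < 3:
        return []  # too few clients to define what "typical" looks like
    values = list(counts.values())
    med = median(values)
    mad = max(median(abs(v - med) for v in values), 1.0)
    flagged = []
    for client, n in counts.items():
        z = (n - med) / (1.4826 * mad)
        if z > k:
            flagged.append((client, n, round(z, 2)))
    return sorted(flagged, key=lambda t: -t[2])


if __name__ == "__main__":
    for client, n, z in flag_anomalous_clients(SAMPLE_LOG):
        print(f"{client}: {n} queries, robust z = {z}")
```

Volume per client is only one signal; the same loop can count distinct names per client or queries per name, and the median/MAD rule applies unchanged to either. Using the median rather than the mean matters here: a single noisy host would otherwise drag the baseline up and hide itself.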