Q1 Threat Report: Surge in Malware, Drop in Spam
With six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history.
As malware has grown more sophisticated, it's become apparent that relying on signature-based anti-virus (AV) solutions is not going to cut it anymore. That doesn't necessarily mean people should get rid of their AV software tomorrow, but it does mean that they should be looking for ways to augment AV software, which was never meant to deal with zero-day attacks that have no signature yet.
One company that has been gaining a lot of notice in security circles lately is Malwarebytes, which today outlined its ambitions for bringing its technologies to the enterprise.
According to Malwarebytes CEO Marcin Kleczynski, companies today need security defenses that combine traditional signature-based approaches with behavioral and heuristics-based approaches that make it easier to defend against modern malware. The simple fact, says Kleczynski, is that the people distributing malware are more organized and sophisticated, which means they are sending more attacks than ever that do a better job of leveraging social engineering methods to fool the average end user into downloading a malware payload.
Malwarebytes has gained a reputation for delivering a free version of its software that is widely used to remove malware generated by a zero-day attack. The company is now selling a professional version of that software that prevents those attacks from happening in the first place, says Kleczynski. In addition, Malwarebytes recently acquired hpHosts, a service that provides a list of malicious websites that have been blacklisted.
One of the biggest issues with IT security today is that a certain amount of complacency has set in when it comes to finding new technologies to combat the problem. The tendency today is to be overly dependent on existing AV and firewall technologies in the hopes that they will either be enough to deal with the problem or the company will simply be lucky enough not to be attacked. As both of those outcomes become more unlikely with each passing day, it's becoming pretty clear that IT organizations need to step up their security efforts or inevitably fall victim to an attack that, in the final analysis, they really did little to defend against.