Evolving Malware Still a Major Problem

Carl Weinschenk

For an article with the headline "Viruses Expected to Hit 1 Million This Year," this is an unexpectedly upbeat piece.


Sophos says that about one-quarter of unique malware was developed during the last six months, despite the fact that these malicious shards of code have been around, in one form or another, for two decades. There is more malware now, the piece says, and it is being produced at a breakneck pace.


So what is the good news? The increases appear to be caused by the bad guys flailing away trying to figure out what will work. Increased user diligence, better filtering and stronger corporate policies mean that the number of infected e-mails has declined from one in 40 five years ago to one in 1,000 today. Some of the gains may be misleading, however. The experts say that the decline in e-mail-borne malware is at least partly offset by drive-by downloads, in which crackers plant malware on Web sites -- many of which are legitimate -- in the hope that it infects visitors whose browser protection is inadequate.


By any measure, danger still abounds. Thieves recently stole vital information from 4.2 million payment cards used by customers of Hannaford Brothers, a grocery chain headquartered in Maine. The cause, according to the post, was malware so sophisticated that it took about 30 experts more than 10 days to ferret out. That is what is known in legal circles as a lot of billable hours.


This SC Magazine piece -- an introduction to anti-malware gateways -- requires careful reading by those not familiar with how corporate security architectures are structured. There are two areas of anti-malware initiatives. Gateway protection sits at the perimeter of the corporate network and assesses data coming into and leaving the corporate LAN. "Defense-in-depth," the catch-all name for a strategy of using a number of disparate approaches to secure the enterprise, adds a management layer that manages security on the endpoints (i.e., employee computers) within the organization. The review says that it is important to know the distinctions between the two related but distinct systems.


The multi-layered, defense-in-depth approach to security is well presented from a real-world point of view in this posting at The Last Orion. The writer lays out several levels of security that are necessary, which generally track with the perimeter and desktop duality described in SC Magazine. The blogger says that a network software firewall or appliance is necessary to protect the network. Independently, each workstation must have current patches, and other software must be airtight. E-mail and remote security also are important.


It seems that these hardware and software devices have their work cut out for them. Panda Security released its first quarter infection results this week. The company says that adware accounted for 28.58 percent of malware infections and trojans comprised 25.46 percent of infections. Trojans represented 62.16 percent of malware samples, which apparently meant that less than half successfully infected computers.


Malware is a broad and amorphous category. While the industry -- vendors, IT departments and even end users -- is doing a better job of protecting networks and computing devices, that doesn't mean criminals will stop trying. They simply will change tactics.
