Malware vs. anti-malware, 20 years into the fray

From Robert Morris Jr. to mayhem, with tips for practical living

Those kinds of threats are still around. My own carefully tended AV setup still sees postcard.exe, born sometime in 2005, coming by about two or three times a week. The fact that old-style Trojan horses like postcard still exist just goes to show that a sucker really is born every minute. The flood of infections that comes in waves every time the usual suspects send out a toxic attachment on an e-mail message piggybacking on the news of the day means you can expect Olympic-themed spam with a little something "extra" any day now. Users will still click on any shiny object that floats by. And the extraordinary success of recent "spearphishing" efforts to capture C-level execs' machines by sending targeted e-mail claiming to include a subpoena indicates that foolish clicking happens all along the corporate food chain.

The real problem, though, is that all the easy human ways to spot troublemakers like the Storm attacks don't work against 21st-century malware. Instead of coming in big and brassy, as an e-mail attachment or on removable media, most malware today slides in when you visit a site that's been cracked and now contains an XSS (cross-site scripting) exploit, or an unguarded social network page with a visitor-added link concealing a CSRF (cross-site request forgery) attack. You click on what appears to be a link (you may even see the page you expected) and in the meantime, your PC is downloading the latest attack code (and maybe scooping up your stored cookies as it goes along).
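The two vectors just described, injected script in visitor-added content and forged cross-site requests, are usually countered on the server side rather than by the visitor's antivirus. The example below is added here and is not code from the original article: it escapes visitor-supplied text before it lands in a page, drops non-HTTP links, marks the session cookie so injected script cannot read it, and ties a CSRF token to the session. The function names, the dict-shaped request and the server secret are all assumptions made for the illustration.

```python
"""Server-side defenses against stored XSS and CSRF (added example).

The request model (a plain dict), the function names and SECRET are
assumptions for this illustration; a real application would wire the same
checks into its web framework.
"""
import hashlib
import hmac
import html
from typing import Optional
from urllib.parse import urlparse

# Constructed secret for the example; a real deployment loads this from config.
SECRET = b"constructed-server-secret-for-example-only"


def render_visitor_content(text: str) -> str:
    """Escape visitor-supplied text before placing it in HTML.

    An embedded <script> tag or onerror= handler is then displayed as text
    instead of being executed by the visitor's browser.
    """
    return html.escape(text, quote=True)


def safe_link(href: str) -> str:
    """Allow only http/https links in visitor-added content.

    javascript: and data: URLs are replaced by a harmless anchor, and the
    surviving URL is escaped so it cannot break out of the href attribute.
    """
    parsed = urlparse(href)
    if parsed.scheme not in ("http", "https"):
        return "#"
    return html.escape(href, quote=True)


def session_cookie(session_id: str) -> str:
    """Build the Set-Cookie value for the session.

    HttpOnly keeps injected script from reading the cookie; SameSite=Lax stops
    the browser from attaching it to cross-site POST requests; Secure keeps it
    off plain HTTP.
    """
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def csrf_token(session_id: str) -> str:
    """Token bound to the session with an HMAC; a cross-site page cannot compute it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_ok(session_id: str, presented: Optional[str]) -> bool:
    """Constant-time comparison of the presented token against the expected one."""
    if not presented:
        return False
    return hmac.compare_digest(csrf_token(session_id), presented)


def handle_state_change(request: dict) -> tuple:
    """Minimal handler for a state-changing action.

    request is a constructed dict with keys "method", "session" and "form".
    Forged cross-site requests are rejected before any state is touched.
    """
    if request.get("method") != "POST":
        return 405, "state changes require POST"
    session_id = request.get("session")
    if not session_id:
        return 401, "no session"
    if not csrf_token_ok(session_id, request.get("form", {}).get("csrf")):
        return 403, "missing or invalid CSRF token"
    return 200, "ok"


if __name__ == "__main__":
    print(render_visitor_content('<img src=x onerror="alert(1)">'))
    print(safe_link("javascript:alert(1)"), safe_link("https://example.com/?a=1&b=2"))
    token = csrf_token("sess-1")
    print(handle_state_change({"method": "POST", "session": "sess-1", "form": {"csrf": token}}))
    print(handle_state_change({"method": "POST", "session": "sess-1", "form": {}}))
```

The cookie flags and the token are complementary: HttpOnly limits what a successful injection can steal, while the HMAC-bound token means a link on someone else's page cannot trigger an action in the visitor's session even though the browser would happily send the request.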

And one more thing: The Macintosh's burgeoning popularity isn't limited to just the good guys. The recent success of the hackers targeting the Mac at CanSecWest's Pwn 2 Own competition, in which security on the MacBook Air was breached before the defenses on the Windows Vista machine also in the competition, shows that there's no safety even in the platform commonly perceived to be somehow immune from the problems Windows users have faced for years. Next up? Most observers predict that the long-awaited boom in malware targeting mobile users is near at hand.

... and in this corner, the defense team

According to Symantec, nearly two-thirds of all threats were detected in 2007. There will doubtless be even more arriving in 2008. By 2009, Jari Heinonen, Asia-Pacific vice president at F-Secure, predicts that "the total number of viruses and Trojan [horses] will pass the 1 million mark." (If, indeed, it hasn't already, as some reports claim.) These newborn malware pests are harder than ever to discover, challenging the authors of anti-malware software not only to keep abreast of a rising tide of threats but also to battle threats that each look entirely unique.

It used to be that all an antivirus program needed to do was to detect a virus' simple signature -- a unique sequence of numbers derived from the bug's executable code -- to identify the intruder and blast it into kingdom come. That was then. This is now. Any self-respecting malware program today is polymorphic. That's a fancy way of saying it keeps changing itself every time another copy is made so that it doesn't look exactly the same to antiviral programs. And increasingly, those programs are using server-side polymorphism, which means that the infection arrives on your machine pre-mutated, so your antivirus package can't even spot a suspicious arrival by noticing that it carries code for a mutation engine.
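The shift described in the paragraph above, from matching a fixed byte sequence to coping with copies that never look alike, is easiest to see with a toy. The following is an added example, not code from the article or from any antivirus vendor: a constructed text "body" stands in for a malicious program, a one-byte XOR with a per-copy key stands in for a mutation, and three scanners are compared. The classic scanner looks for the fixed signature; a heuristic looks for the decoder stub a self-mutating copy has to carry; a simplified "generic decryption" scan normalizes the sample before matching, which is the only one of the three that still catches the server-side case, where the copy arrives pre-mutated with no decoder in it. The marker string DECODE, the key space and the function names are assumptions for the illustration.

```python
"""Why fixed signatures fail against polymorphic copies (added example).

PAYLOAD is constructed text standing in for a program body; the XOR
transform stands in for a mutation engine. Nothing here is a real sample.
"""
import hashlib

# Constructed stand-in for a malicious program body. Plain text, not code.
PAYLOAD = b"CONSTRUCTED SAMPLE BODY: write self to startup; call home; repeat"

# An old-style signature: a fixed byte sequence taken from the known body.
SIGNATURE = PAYLOAD[:20]

# Hypothetical marker for the decoder stub a self-mutating copy carries.
STUB_MARKER = b"DECODE"


def sha256(data: bytes) -> str:
    """Hex digest; used to show that every mutated copy hashes differently."""
    return hashlib.sha256(data).hexdigest()


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR transform (symmetric: applying it twice restores data)."""
    return bytes(b ^ key for b in data)


def make_polymorphic_copy(body: bytes, key: int, carry_engine: bool) -> bytes:
    """Produce one mutated copy of the body.

    carry_engine=True mimics classic polymorphism: the copy carries its own
    decoder stub (STUB_MARKER plus the key byte) so it can unpack itself.
    carry_engine=False mimics server-side polymorphism: the copy arrives
    already encoded with a fresh key and carries no decoder for a scanner
    to notice.
    """
    encoded = xor_bytes(body, key)
    if carry_engine:
        return STUB_MARKER + bytes([key]) + encoded
    return encoded


def signature_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic scanner: is the known byte sequence present verbatim?"""
    return signature in sample


def mutation_engine_scan(sample: bytes) -> bool:
    """Heuristic that flags a copy by its decoder stub rather than its body."""
    return sample.startswith(STUB_MARKER)


def generic_decrypt_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Simplified generic decryption: normalize the sample under every
    candidate key before matching, so a changed key no longer hides the body.

    Real products run the sample's own decoder in an emulator instead; here
    the transform space is small enough to enumerate outright.
    """
    if signature in sample:
        return True
    return any(signature in xor_bytes(sample, key) for key in range(1, 256))


def compare_scanners(keys=(0x5A, 0xC3)) -> dict:
    """Run all three scanners over mutated copies; keyed by (key, carry_engine)."""
    results = {}
    for key in keys:
        for carry in (True, False):
            copy = make_polymorphic_copy(PAYLOAD, key, carry)
            results[(key, carry)] = {
                "sha256": sha256(copy)[:12],
                "signature": signature_scan(copy),
                "engine_heuristic": mutation_engine_scan(copy),
                "generic_decrypt": generic_decrypt_scan(copy),
            }
    return results


if __name__ == "__main__":
    print("original caught by signature:", signature_scan(PAYLOAD))
    for (key, carry), row in compare_scanners().items():
        print(f"key=0x{key:02X} carries_engine={carry}: {row}")
```

Reading the output: every copy hashes differently and none of them matches the signature; the stub heuristic still fires on the copies that carry their own decoder, but the pre-mutated server-side copies pass it untouched, and only the normalizing scan recovers the shared body. That is the gap the paragraph describes, and why modern engines lean on emulation and behaviour rather than byte patterns alone.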
