RealTime IT News

Tracking The Malware Battle

Malware has changed radically since the days when John McAfee first set up his BBS and offered VirusScan for download at 2400 baud.

It is rapidly becoming a certainty in life, right up there with death and taxes. And like death and taxes, malware seems to find new and horrible ways to attack you. Antivirus and anti-spyware vendors get better at stomping out the bad guys, and then the crooks behind the malware change strategy.

This year the vicious cycle will continue. Mimi Hoang, group product manager in Symantec's security response unit, thinks malware is going to become a lot quieter, choosing to rear its ugliness behind the scenes.

"The days of Blaster and Sasser are gone," she told internetnews.com. "It used to be for notoriety. Now people don't want you to know that's going on. We're not going to see mass mailers, but targeted, stealthy attacks that are money-driven. They have funding behind them so they make sure attacks fly under the radar."

This shift in strategy will include polymorphic attacks. The software will keep changing to evade both heuristics and signatures in security programs, and there will be multiple steps to the attack. It will use a combination, such as a rootkit, to get into a computer, then download a Trojan or key logger.

Unfortunately, phishing attacks will continue. "There's huge money in it," said Natalie Lambert, senior analyst for Forrester Research. "Why stop doing something that's making millions?"

Also, expect more attacks on applications as Microsoft succeeds in hardening its operating systems. "I think that virus writers are going to go after the lowest hanging fruit that is in the most places," Lambert added. "If the OS becomes harder to crack, they will then go for an app with a lot of market share. Adobe Reader is a primary example."

It's not an optimistic view, but don't think the good guys are just going to roll over. They have their own plans for fighting back as well.

Addressing poor user habits

The first problem is dealing with the poor computing habits of consumers. Corporations are much better at maintaining security on their networks, but most of the thousands of botnets that are in the wild are on poorly maintained personal computers.

"There are people who think they have antivirus protection because they got an AV program from 2003 installed on their computer," said Lambert. "You might as well have nothing on your computer. It's only as secure as your last update."

And a lot of computers are not secure. At the recent World Economic Forum in Davos, Switzerland, Vint Cerf, known mostly for birthing the Internet, estimated that of the 600 million computers on the Internet, one-quarter of them, 150 million, are on botnets and don't know it. If Cerf's numbers, as reported on the forum blog, are accurate, it's a shocking indictment of the failure of people to care for their computers.

The most common viruses seen in the wild floating around on the Internet are Beagle and NetSky, which have been around for years. Even the weakest of antivirus programs should catch them. They flourish because so many people have been negligent in protecting their computers or, in some cases, have disabled their security software because it's so annoying.
