Malware's Evolving Threat

MALICIOUS SOFTWARE, or malware, continues to evolve, challenging information security professionals to adapt their defenses. Problems include more powerful bots and targeted attacks, says Patrik Runald, senior security specialist with F-Secure Corporation Security Labs, a global company that protects consumers and businesses against computer viruses and other threats.

One particularly dangerous trend is targeted attacks, in which bots, essentially automated malware, are sent on a limited basis and so evade the attention of programs designed to detect the usual volume of traffic that a brute-force bot attack generates. Sophisticated bot attacks are custom-written and sent to only 10 organizations at once. The e-mail typically addresses a relevant subject and carries one attachment that infiltrates the computer once it is opened.

In addition, botnets (the groups of computers hijacked and controlled by bots) are using HTTP traffic or peer-to-peer communication channels, which gives them an innocuous appearance and makes them harder to track. Previously, botnets relied on Internet Relay Chat (IRC), a method that is easier to detect. Now "it looks like legitimate [Internet] traffic," says Runald.

Moreover, bots that manage to install themselves on systems are much more complicated and harder to detect than in the past. Criminals are using rootkits that hide themselves by integrating into many system functions, such as "show processes" and "missed files."

"We've seen a high growth in malware using rootkits over the past couple of years to avoid detection," says Runald. F-Secure uses a technology called "BlackLight" to detect rootkits by double-checking files and processes within a system and pinpointing anything suspicious. …