Malicious software, or malware, continues to evolve, challenging information security professionals to adapt their defenses. Problems include more powerful bots and targeted attacks, says Patrik Runald, senior security specialist with F-Secure Corporation Security Labs, a global company that protects consumers and businesses against computer viruses and other threats.
One particularly dangerous trend is targeted attacks, where bots, essentially automated malware, are sent on a limited basis, thus evading the attention of programs designed to detect the usual volume of traffic that a brute-force bot attack generates. Sophisticated bot attacks are custom-written and sent to only 10 organizations at once. The e-mail typically addresses a relevant subject sent via one attachment that infiltrates the computer once opened.
In addition, botnets (the groups of computers hijacked and controlled by bots) are using HTTP traffic or peer-to-peer communication channels, giving them an innocuous appearance and making them harder to track. Previously, botnets relied on Internet Relay Chats (IRCs); that method is easier to detect. Now "it looks like legitimate [Internet] traffic," says Runald.
Moreover, bots that manage to install themselves on systems are much more complicated and harder to detect than in the past. Criminals are using rootkits that hide themselves in systems via integration in many system functions, such as 'show processes' and 'missed files.'
"We've seen a high growth in malware using rootkits over the past couple of years to avoid detection," says Runald. F-Secure uses a technology called 'Black Light' to detect rootkits by double-checking files and processes within a system, and pinpointing anything suspicious.
Another major malware problem is phishing. The number of phishing sites increased 800 percent to 37,444 during the year leading up to October 2006, Runald says. Typical phishing e-mails post very convincing replicas of PayPal sites or banking pages and are set up to steal personal information.
The bulk of these attacks and Trojans designed to swipe personal details are coming out of Brazil, while the brainpower behind their design originates in Eastern Europe, China, and Russia, says Runald. The majority of infected machines are in the United States and China.
Big money is involved for successful phishers. In Brazil, a 19-year-old cleared $4.7 million in 2006 before being caught. The penalties for such a crime often amount to little jail time or community service. "It's a fairly safe crime to commit," says Runald.
An emerging threat is malware that runs on cellular phones. So far the problem is a minor one, with only 345 viruses known to exist. But that is up from zero viruses in June 2004, when the first one was discovered. Mobile platforms that are vulnerable include Palm, Symbian Series 60, Windows Mobile, and any platform with J2ME, says Runald.
The spreading vectors for mobile phone viruses are Bluetooth, MMS, Web downloads, and memory cards. The mobile viruses are mostly spreading in Asia and Europe, where Global System for Mobile Communications (GSM) technology is used, rather than in the United States and Canada, where Code Division Multiple Access (CDMA) is prevalent, says Runald.
F-Secure knows of 250,000 pieces of malware currently at large. There are detection programs for 100,000 of them.
By Robert Elliott, former assistant editor at Security Management.