Security
- +
F-Secure integrates antispyware into new releases 29 September, 2005 10:00:02
F-Secure releases antivirus and antispyware software for consumers.F-Secure announced Tuesday the launch of F-Secure Internet Security 2006, consumer-oriented software that can also manage Internet use by children. - +
Authorities make arrests linked to worm spate 29 August, 2005 08:17:35
US police have arrested two people in Turkey and Morocco under suspicion of involvement in the recent spate of computer worms, according to Microsoft. The worms known as Zotob, Rbot and Mytob, targeted the software giant's Windows 2000 operating system. - +
Experts say botnets shrink in size, harder to trace 20 January, 2006 08:18:40
Security experts say botnets are increasingly becoming more difficult to trace as criminals have developed clever means to hide their trails.Security experts say botnets are increasingly becoming more difficult to trace as criminal hackers have developed clever means to hide them. - +
Experts: Next Sober worm on the way, may not do harm 05 January, 2006 08:22:07
The next variant of the Sober worm is set to attack computers already infected by previous Sober at the stroke of midnight GMT as Jan. 5 turns into Jan. 6.The next variant of the Sober worm is set to attack computers already infected by previous versions of the malware at the stroke of midnight GMT as Jan. 5 turns into Jan. 6, according to European antivirus software vendors. Given that both Internet service providers and local police are closely monitoring Web sites likely to be used in the attack, security experts believe the hacker may choose not to engage in any malicious activity this time around. - +
Mobile Trojan targets PCs too 23 September, 2005 08:13:42
A new Trojan uses the phone's memory card to jump from handset to PC.Virus writers have come up with a way to make their malicious software jump from a mobile phone to the PC. Security researchers on Thursday reported the first sightings of a new Trojan program, which masquerades as pirated software for mobile phones and attempts to infect PCs via the phone's memory card.
Click here for case studies, whitepapers and other useful vendor content Newsletter Subscription
They just don't make malware like they used to. Or at least like they did earlier this year.
Even low-quality malware, however, is taxing the resources of security companies, since it is being detected in ever-higher numbers.
Over the last six months, the technical creativity of malware had fallen along with the ability to cause massive damage, such as that created by the MyDoom and Sasser worms of years past, wrote senior virus analyst for Kaspersky Lab, Alexander Gostev, in a recent report.
Gostev's lab intermittently sees highly technical malware, but most was the same unending stream of Trojans, viruses and worms, he wrote. In many cases, hackers simply take existing malware and create variants, by tweaking the older code to evade antivirus software.
At times, the process is simple trial and error. Malware writers used online scanners such as [Virustotal], which checked to see if their new code would be detected by antivirus software, chief research officer for F-Secure, Mikko Hypponen, said.
If the code was detectable, they could make a slight modification and run it through the scanner again.
"I'd like to tell you that we're winning this war," Hypponen said. "But frankly, I'm not so sure. We need new kinds of solutions."
Because much of the code is not new, it tends to remain effective for shorter periods of time before antivirus companies detect it. Still, the time it takes to identify and create a signature for a new virus, which can range from a few minutes to a few hours, is often long enough for hackers to infect computers.
"Antivirus companies are working at the limits of their capabilities in terms of speed," Gostev wrote.
To be sure, some malicious hackers are doing creative work. This year saw some sophisticated phishing attacks, and virus writers have been branching into relatively new areas such as instant messaging and social networking sites, security research manager for FaceTime Communications, Christopher Boyd, said. But the trend overall had been quantity over quality.
Kaspersky Lab in Moscow is on the front lines of the battle. Its analysts added 2000 signatures to their database in January 2005. Last month they added 10,000 signatures -- a five-fold increase, head of the lab,Stanislav Shevchenko, said.
The virus analysts work 12-hours shifts, pulling up screen after screen of rolling lines of code. Automated tools analyse some pieces of malware, but human analysis is still needed for others.
A good analyst should process an average piece of malware within 5 minutes, Shevchenko said. But some of the rarer, more creative code is harder to crack. Polymorphic viruses -- ones that could change their byte sequences to throw off antivirus software -- could take up to a week to analyse, Shevchenko said.
The signatures are added to a database used by Kaspersky's antivirus engine, which is licensed by other security vendors such as Juniper Networks, ClearSwift and F-Secure.
The increase in the volume of malicious code could be attributed in part to the impunity enjoyed by malware writers, head of antivirus research, Eugene Kaspersky, said. Despite efforts by law enforcement agencies to strengthen international cooperation, most malware writers were never punished.
"It's quite safe for them," Kaspersky said. "If they are clever enough, there is almost no risk for them at the moment."
The US Federal Bureau of Investigation and Russia's Federal Security Service (FSB), the successor to the country's KGB intelligence agency, frequently ask Kaspersky Lab for information, Kaspersky spokesperson, Timur Tsoriev, said.
The FSB, however, approached Kaspersky less these days since the agency had bolstered its in-house expertise, Kaspersky said.
His lab focused less on finding the root of criminal activity than protecting the company's customers, he said. But the burden of rising online criminal activity directly impacted on security companies.
"If there is no help from the police and if they don't reduce the number of criminals, I'm afraid the detection for all antivirus products will go down," Kaspersky said.
ARN Member Login
Brian's bloopersIt takes a long time to produce an episode of Channel Watch. Maybe you'll understand why after watching this...
Weekly Tech News Update: May 16, 2008HP is to buy EDS, CBS is to buy CNET, Carl Ichan launches a proxy fight for Yahoo, Microsoft limits computing power for XP, LG introduces a 3G Prada phone and Twitter beats big media on the China quake.
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
F-Secure Represented On The International Advisory Board IMPACT 16 May, 2008 13:42:00
Quantum announces General Availability of Industry's First Solution Designed to Match De-Duplication Functionality to Specific B 16 May, 2008 10:44:00
Fortinet Expands Channel Program for Australia and New Zealand 15 May, 2008 14:19:00
VIA Unveils the World’s Lowest Power x86 Processor on the World’s Smallest Board 15 May, 2008 14:03:00
WatchGuard Issues 45 Day IT Network Security Reminder for Achieving PCI DSS Compliance 15 May, 2008 11:33:00
WebCentral boosts Security and Reliability with Windows Server 2008
WebCentral, Australia’s largest web and application hosting company, relies on Microsoft Windows Server 2008 to deliver the security, manageability and reliability their customers require.
Subscribe to ARN
