[LINK] Web malware a 'losing battle'
stephen at melbpc.org.au
Tue Dec 18 13:01:20 AEDT 2007
Malware flood driving new AV

Symantec researchers say number of malicious applications is rapidly
outpacing the volume of legitimate programs, forcing a rethink of AV
defense tactics

By Matt Hines. December 14, 2007
http://www.infoworld.com:80/article/07/12/14/Malware-flood-driving-new-AV_1.html?source=NLC-TB&cgd=2007-12-17

During a weeklong period in mid-November, security experts with Symantec
observed roughly 65,000 new applications being downloaded onto the
computers of customers participating in a new research project -- based on
their analysis of the software, as many as 60 percent of the programs were
malicious.
The numbers point to a disturbing trend that the researchers say may force
the security company to change its fundamental approach for warding off
threats -- that being that the number of malicious applications coming to
life on the Web appears to be outpacing the volume of legitimate programs.
With malware authors using fuzzing tools to find holes in popular
applications such as Web browsers, and testing their work against
commercial anti-virus (AV) products to ensure that the attacks evade
detection by the tools, leading researchers at Symantec admit that
defending against threats using traditional methods has become something
of a losing battle.
"The reality is that most new malware is going undetected by commercial
security products, and not just Symantec's, but we have to recognize that
like all other AV products we are probably missing a sizeable amount of
this malware," said Carey Nachenberg, a member of the company's Symantec
Research Labs who also wears the title of Symantec Fellow.
The trend toward malware authors using small runs of attacks to evade
detection and hook as many victims as possible, known as server-side
polymorphism, is forcing Symantec to reassess how it goes about protecting
its users.
Since it can't hope to keep up with every flavor of threat that is being
created, traditional countermeasures such as the use of malware signatures
or behavioral heuristics will need to be augmented with new tactics,
Nachenberg said.
One such alternative is the use of the same distributed data collection
capabilities that Symantec is using to track the proliferation of malware.
By creating a system of file and Web site reputation by studying
applications usage patterns among its customers, the researcher said,
Symantec hopes to use a community approach to help people determine which
programs they decide to use, or avoid.