Malware Attacks Growing, Most Are Undetected

Published November 1, 2008

More than half of all malware threats on the Internet go undetected, according to a report from Cyveillance, a Web security firm based in Arlington, Virginia.

Malware, a malicious file or application unknowingly downloaded from a Web site or server, can range from “keyloggers,” which record keystrokes with the intent of capturing sensitive information such as credit card numbers, to applications that launch denial of service (DoS) attacks, which “take over” a computer or server and keep it from functioning properly.

“Malware producers are becoming more creative,” said James Brooks, director of product management for Cyveillance. “One of the biggest trends that we’ve seen is an explosion in malware from e-mail.”

Sources Proliferating

The sources of malware are numerous and growing, the report says. Malware hosting sites, for example, store and serve up malware executables, which begin functioning when downloaded or when certain information is entered (such as a 16-digit credit card number) and breach a computer’s security. Such an attack could make a victim’s credit card numbers accessible to the hacker.

The malware may be disguised as a legitimate program or a link to a Web site—movie personality sites are among the most commonly targeted.

Some of these sites even offer applications promising to remove viruses and other malware from a computer, but instead include so-called “Trojan horses” or other malicious programs that infect the computer once the user downloads the application.

In e-mail attacks, a malware producer will send thousands of e-mails to random addresses. The e-mails will appear to be from a large financial institution, a consumer company (Hallmark is a popular “Trojan horse” for fraudsters), or another firm that has thousands of customers and from which recipients might legitimately expect to get e-mails.

Servers in China and the United States continue to host the majority of malware executables, continuing a long-term trend, according to the report. U.S.- and Chinese-based servers hosted a combined 44 percent of malware found during the first half of 2008.

That number was actually 20 percent below the first half of 2007, but it does not represent a decrease in the overall problem. Instead, it reflects an increase of attacks in other nations, according to Cyveillance.

Increasingly Complex

The types of malware are also increasing in scope and complexity. In addition to keyloggers and applications launching DoS attacks, computer experts report several other types:

* Downloaders are programs containing location and login information for malware servers. These programs contact the remote malware server to facilitate additional malware downloads to the host computer.

* Backdoors are programs allowing others to gain unauthorized access to information or computer resources by bypassing security mechanisms.

* Bot clients are applications allowing unauthorized access to and/or control over a user’s computer in order to help facilitate malicious activity such as spamming.

* Redirectors are applications that redirect a browser to a fraudulent Web site when the user enters a legitimate Web address in the browser’s address bar.

* Data miners are programs that collect and analyze information without the user’s knowledge.
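One way to check a machine for the redirector behavior described above, as an added example that is not part of the article: it assumes the redirector works by overriding name resolution in the system hosts file (a common mechanism the article does not itself name), parses a constructed sample of such a file, and flags entries that pin protected domains, or any non-local name, to an address chosen by the attacker.

```python
import ipaddress

# Constructed sample hosts file (not from the article) showing two redirector-style edits.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.example-bank.com example-bank.com   # bank traffic sent to attacker host
127.0.0.1       update.example-av.com                    # security updates silently blocked
198.51.100.7    www.example-shop.com
"""

# Names that legitimately map to loopback and are never reported.
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file syntax."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield line_no, ip, name.lower()

def find_redirector_entries(text, protected_domains):
    """Return (line_no, hostname, ip, reason) for suspicious mappings.

    A host under a protected domain should never be pinned in the hosts file at all,
    whatever the address; any other non-local name pinned to a routable address is also
    reported, since that is how a browser ends up on a look-alike site."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "unparseable address"))
            continue
        protected = any(name == d or name.endswith("." + d) for d in protected_domains)
        if protected:
            findings.append((line_no, name, ip, "protected domain overridden"))
        elif not (addr.is_loopback or addr.is_unspecified):
            findings.append((line_no, name, ip, "non-local name pinned to routable address"))
    return findings
```

Ad-blocking style entries that pin unrelated names to loopback are deliberately not reported, so the check stays quiet on a typical administrator-maintained file.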

Mobile Threats

The increasingly mobile workforce also leads to new malware challenges, says Sean Martin, vice president of product management for SkyRecon Systems in San Jose, California.

While a network administrator or another person in the company may adequately secure the company’s own equipment from malware attacks, employees may use their own laptops on the road. If those employees fail to download security patches and take other precautions, they can pick up malware and unwittingly transfer it to the company computers when they attach the laptop to the company network or transfer files via removable drives or other means.

Instant messaging is another increasing source of malware attacks, Martin cautions.

Layered Security

Even a legitimate antivirus program will stop only about half the malware pulsing through the Internet, Brooks adds. He and other security experts recommend using layered security to protect against these threats.

Multilayered security should begin with a company’s own security policy, Martin says. The policy should outline appropriate use of company equipment, including permissible and non-permissible activities (downloads, forbidden Internet sites, etc.).

Automatic updates for security patches are another security precaution many experts recommend. Automatic updates enable necessary changes to security features of the operating system and prompt antivirus, anti-spyware, and other such programs to add new features and patches to protect against new viruses without the need for user intervention.

Martin also recommends using applications that search for known malware, plus applications that protect against vulnerabilities inherent in computer systems.

Software Changes Urged

At this point, most computer users aren’t aware of the magnitude of the problem, and software makers could ultimately have a big role to play in combating malware, said Michel Kabay, an associate professor of computer security and information assurance at Norwich University in Northfield, Vermont.

“Most users don’t even know their systems are infected until a computer technician points out the thousands of infections when the machines are brought into the shop because they are acting funny,” Kabay said. “[Any] change will have to come from software vendors.”

Kabay says software vendors could strip scripting languages out of software—particularly Microsoft Office—which would prevent hackers from converting programs into malware applications.

“This recommendation was made by hundreds of security specialists at the time of the original Word Concept macro virus in 1995, but Microsoft rejected the proposal,” Kabay said.

Phil Britt ([email protected]) writes from South Holland, Illinois.