The Never-Ending Struggle for Malware Containment

The IT security front is like any war: Secure one battle line and a breach may occur on another.

Red flags about malware have become almost a daily occurrence in the virtual world, and the malware lexicon has mushroomed in recent years. Terms like “zombie,” “rootkit,” “worm,” “Trojan,” “spyware,” “botnet” and others are descriptors of some of the most worrisome IT issues extant.

However, as problems spring up, new tools are developed to fight them. Microsoft, as an example, released 11 security updates on Feb. 12.

An Ongoing Battle?

It’s a back-and-forth battle — so which side is winning?

“It depends,” Yankee Group analyst Laura DiDio told TechNewsWorld.

With an increasingly mobile workforce, many people have an office computer in their homes, as well as a laptop and perhaps a BlackBerry. Under such circumstances, she noted, it’s possible to keep malware at bay only by taking a highly proactive stance. “You can never declare victory. It’s an ongoing struggle.”

Indeed, malware propagators had a big year in 2007, according to a yearly report from ESET, which cited established modes like user-download lures as particularly effective.

“It’s basically an ongoing war,” Gordon Haff, principal IT adviser for Illuminata, told TechNewsWorld. “There’s no such thing as being able to maintain perfect security.”

Plus, it’s big business, according to ESET’s latest findings. Botnets can be obtained for disseminating commercial spam mailings as well as an array of illegal activities, including denial of service attacks and data and identification theft.

“That’s certainly been one of the trends in general — everything from spam to more sophisticated operations,” Haff said. “It’s kind of gone from some kid having a good time, so to speak, to, in many cases, to being part of organized fraud and that sort of thing. That’s clearly been one of the big stories with spam and malware over recent times.”

Proactive Strategies

Malware developers never rest, DiDio said, so security-minded institutions have to be proactive.

“Four months in security terms is equal to a year or two,” she noted. “You’ve got to constantly be vigilant. So, the ones that are vigilant and telling their people, ‘Here’s what you do and don’t do,’ the ones that are constantly adapting, are the ones keeping the monster locked in the closet.”

Nevertheless, there are more system-devouring beasts trying to get out of that closet all the time, Charles King, principal with Pund-IT, told TechNewsWorld. “The threats are still out there and are going through quiet periods followed by threats in areas where people haven’t expected them. To date, the big companies are doing a credible job, but at one level they’re forced to constantly fight a rear-guard battle. They’re very good at continuing to update and improve the response to previous problems they know about.”

Responses to new threats have to be quick and precise, because they’re often reactive, King added. “It’s tough work, but there’s a lot of money and brainpower being thrown at it on a daily basis.”

ID theft may be the most troublesome trend, he continued. “The attacks on individual privacy and attacks on individual computers for the sake of doing identity theft, I think, have become more troubling over the last year because the attacks seem to be increasingly sophisticated.”

The growth of such well-organized and tough-to-manage threats has a purported connection to organized crime, which makes it more problematic, King said. “By the time companies figure out something is wrong, these guys have closed up shop and moved on.”

The Old Stereotype

No longer common is the stereotype of a lone techno-geek who cracks a system for kicks, DiDio said. “A lot of these hackers have gotten smarter. They have conventions of their own and they’re in contact with one another. It’s a game to them to copycat.”

Security-minded companies are no longer willing to deal with the problem by, in essence, compensating the criminals, she added. “It used to be that hackers would do something specifically to get the attention of a corporation to do a hack in hopes of getting hired. Now, you see more and more of them going to jail.”

Malware is no longer just about cracking a single system — it’s a volume business, Haff noted. “Aside from the occasional penetrations of companies and the loss of data, for the most part a lot of the security issues one hears about really is a numbers game. It’s not about going after a specific person; it’s about making hundreds of thousands or even millions of attempts [to breach PC security] and having a small percentage of success, as opposed to trying to break into a specific account or PC.”

Wireless Concerns?

Wireless security breaches haven’t become a major issue — yet, he added. “That really hasn’t been the big security problem,” he said. “Things like open hot spots haven’t been the bigger problems. It’s taking over the compromised PCs that’s the problem.”

Wireless concerns are worth time to study, although they’re perhaps more a future worry than present, DiDio commented. “Generally speaking, I’d never say never. If you’re not aware of them, that’s when you have to be most cautious and wary. It’s out there.”

King concurred. “I think where they are particularly dangerous is where the virus is being used to alter or curtail the freedom to create a bigger user’s machine and make it part of a larger network, a zombie-style network.”

More troubling, he added, are organized efforts to hack into government — specifically defense and finance-oriented systems. “Those I think are a more substantial problem, primarily because of the sophistication involved and the kind of data being stolen from targeted government databases, defense department computers and so forth.”

Vigilance is the best weapon against malware proliferators, DiDio concluded. “I’ve been shocked that some of the largest companies in some of the most sensitive vertical areas — whether you’re talking finance, government or healthcare — are some of the most egregious offenders of good computer hygiene and security. We have made more progress, but at the same time, so have the hackers.”
