In this white paper, we discuss the evolving nature of malware, and why enterprises continue to be highly vulnerable to targeted malware attacks despite deployment of common security solutions like anti-virus software and traditional firewalls. Accordingly, the paper then describes new solutions designed to be much more proactive and effective in protecting an organization's inbound and outbound traffic.
State of the "virus union"
This white paper uses the term malware as synonymous with any dangerous software that someone might refer to as a virus, spyware, Trojan, rootkit, bot, hijacker, or ransomware. Malware, which stands for "malicious software," refers in general to every form of active content that most IT administrators don't want to have in their network.
A little bit of history: Ten years ago, when nearly all of today's available anti-virus solutions were architected, the typical piece of malware was commonly authored by a dissatisfied employee or by a young amateur code writer looking for a thrill. Its sole purpose was to wreak general havoc and boost the self-esteem of the author. Few individuals had the time or the skills needed to create a piece of malware, and even fewer had the skills to make it capable of self-propagation. As such, in those early days of virus appearances, it was a sound approach for an anti-virus vendor to create a snapshot, now called a signature, of that piece of malware and to use it to search the system for infected files using a simple lookup mechanism. At the same time, some virus writers used morphing code to infect vital operating system files and disable a machine. For that threat, anti-virus vendors developed the simple idea of comparing the sizes of popular operating system files that were prone to virus infection against a known list of valid file sizes, and were thus able to detect infections accordingly. However, these approaches provided only limited protection, and only after the virus/malware was out in the open and causing damage. And by comparison to now, those were the good old days.
Today, anyone who is somewhat IT savvy, connected to the Internet, and has malicious intent can create a piece of self-propelled malware. Resources exist all over the Internet that provide information on how to develop and propagate malware, including some sites that provide downloadable toolkits to enable these efforts. Many of these sites are meant to provide legitimate tools to enhance the security awareness of an enterprise, but ill-willed individuals find it easy to convert these tools to malicious purposes. Attack points for such malware are now even easier to find, since more and more people and applications are on the Web today and the number of application vulnerabilities is rapidly increasing. According to Secunia [6], the number of vulnerabilities is constantly on the rise, on average quadrupling from February 2003 to August 2006.
Stopping the targeted attack: Why comprehensive malware protection is superior to anti-virus signatures for protecting your organization
With numerous tools readily available, more individuals capable of creating malware, and more access points, it's not surprising that the number of actual malware appearances has grown exponentially over the last few years. On July 6, 2006, McAfee issued a press release stating that it had taken them almost 18 years to populate their database with the first 100,000 malicious samples, but just under two years to grow to 200,000 samples, and that they expect to reach 400,000 threats within the next two years. One of the important changes in the nature of the attacks is that malware is now often targeted at specific enterprises; this has contributed to the explosion in the volume of malware.