Poor detection of the MPack data-theft toolkit by antivirus software has allowed it to run riot on the Internet, a new analysis from Finjan has claimed.
The company says that the malware system has been used to successfully infect 500,000 consumer and corporate users since it appeared some months ago, achieving unusually high infection rates of 16% from an attack profile of 3.1 million web-borne attempts.
To make matters worse, as of July 29, many of the best-known security programs still couldn't detect software downloaded by it, despite its workings having been known about since as far back as October 2006. Names on the list tested by Finjan that failed to find malware called by the program included Sophos, AVG, Microsoft, Kaspersky, and McAfee. Of the top security brands, only Symantec noticed MPack infection, identifying it generically as "Downloader.Trojan."
In June, the program was blamed for unleashing a torrent of malware after hacking 10,000 Web sites, mostly in Italy.
MPack has a number of features that mark it out from the malware crowd. It has a proven ability to inject code onto legitimate websites, compromising them for unsuspecting visitors. To this end, it can also detect which browser and browser version a visitor is using, serving a custom exploit depending on what it finds.
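Because the kit serves different content depending on the visitor's browser, one defensive check a URL scanner can run is to fetch the same page under several User-Agent strings and compare what comes back. The following is an added example written for this article, not code from Finjan or from the toolkit; the probe User-Agent strings and the in-memory "site" responders are constructed so the check runs offline, and a real fetcher is included only for reference.

```python
"""Added example: detect browser-conditional content serving.

A compromised page that fingerprints the visitor's browser may return one
body to an old Internet Explorer and another to Firefox or Opera.  The check
below fetches a URL once per User-Agent and compares digests of the bodies.
The fetch function is injectable, so the example runs against constructed
in-memory responders; no real site is contacted.
"""
import hashlib
from typing import Callable, Dict, List

# Constructed probe set (assumption: the User-Agents a defender chooses to
# impersonate; these are representative 2007-era browser strings).
PROBE_USER_AGENTS: List[str] = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
    "Opera/9.22 (Windows NT 5.1; U; en)",
]

Fetcher = Callable[[str, str], bytes]  # (url, user_agent) -> response body


def fingerprint(body: bytes) -> str:
    """Digest the body so large responses compare cheaply."""
    return hashlib.sha256(body).hexdigest()


def is_stable(url: str, fetch: Fetcher, user_agent: str) -> bool:
    """Fetch twice with the same User-Agent; a differing body means the page
    is dynamic and a cross-browser difference alone is not conclusive."""
    return fingerprint(fetch(url, user_agent)) == fingerprint(fetch(url, user_agent))


def probe(url: str, fetch: Fetcher, user_agents: List[str] = PROBE_USER_AGENTS) -> Dict[str, str]:
    """Return {user_agent: body digest} for one fetch per User-Agent."""
    return {ua: fingerprint(fetch(url, ua)) for ua in user_agents}


def is_browser_conditional(digests: Dict[str, str]) -> bool:
    """True when different browsers received different content."""
    return len(set(digests.values())) > 1


def distinct_variants(digests: Dict[str, str]) -> Dict[str, List[str]]:
    """Group User-Agents by the content variant they were served, for triage."""
    groups: Dict[str, List[str]] = {}
    for ua, digest in digests.items():
        groups.setdefault(digest, []).append(ua)
    return groups


# --- constructed responders standing in for real HTTP fetches ---
def uniform_site(url: str, ua: str) -> bytes:
    """Constructed: every browser gets the same page."""
    return b"<html><body>Welcome</body></html>"


def cloaking_site(url: str, ua: str) -> bytes:
    """Constructed: one browser family gets a different body than the rest.
    Only the fact of a difference is modelled; no payload is included."""
    if "MSIE 6.0" in ua:
        return b"<html><body>Welcome<!-- variant A --></body></html>"
    return b"<html><body>Welcome</body></html>"


def urllib_fetch(url: str, ua: str, timeout: int = 10) -> bytes:
    """Real fetcher using the standard library; not exercised offline."""
    import urllib.request
    req = urllib.request.Request(url, headers={"User-Agent": ua})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for name, site in [("uniform", uniform_site), ("cloaking", cloaking_site)]:
        url = "http://example.invalid/"  # placeholder URL, never contacted
        if not is_stable(url, site, PROBE_USER_AGENTS[0]):
            print(name, "is dynamic; result inconclusive")
            continue
        digests = probe(url, site)
        print(name, "browser-conditional:", is_browser_conditional(digests))
        for digest, uas in distinct_variants(digests).items():
            print("  variant", digest[:12], "served to", len(uas), "User-Agent(s)")
```

A positive result is a triage signal, not proof of compromise: many legitimate sites also vary content by browser, so the stability check above is run first and any flagged page still needs its variant bodies diffed by hand.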
Finjan's latest report on the program identifies a number of stealth features that make it nearly impossible to detect while it is attempting to steal data, including the use of rootkit technology, encryption for all its data communication activities, and the ability to wipe traces of itself once it has finished executing its crime. This has been compounded by poor detection rates among the security programs it is likely to encounter on user PCs.
MPack's intention is simply to steal as much banking-related or other data as it can, of which Finjan provides screenshot-based analysis in the report to demonstrate its effectiveness. The authors are in no doubt that this is crimeware that works as intended.
"As there are no external indications that the machine has been infected, there is no reason why users should not continue to use the infected machine," the report says.
"As attacks become more evasive and obfuscated, security companies find it more difficult to put their hands on malicious code, analyze it in their labs and create a signature for it. Antivirus, reputation-based services and URL filtering solutions are potentially limited in their ability to cope with evasive attacks, which appear once and then vanish," it concludes.