
Network World


The war against malware

By Jared Heng, CIO, 02/14/2008

More than ever before, the threat of malware continued to hang over the heads of enterprise executives in 2007. Further proliferation is also a frightening possibility for 2008, according to some industry participants.

Malware is software designed to damage or infiltrate an operating system without the owner's authorization, and includes computer viruses, Trojan horses, certain types of adware, spyware and other malicious software. Unlike problem-causing software bugs that are flaws in a computer program, malware is designed with the specific intent of causing detriment to the intended victims.

According to Fortinet, a global provider of unified threat management security systems, mass mailers accounted for many of the top 10 malware threats last December, with 'Netsky!similar' topping the list at 11.05% of all reported incidences during the month. 'Iframe_CID!exploit' came in second at 8.47%, while the 'Istbar.PK!tr.dldr' Trojan made it to the list at 1.93%.

As anti-malware tools became more effective, malware authors responded with more sophisticated attacks. 'Self-defending malware' first appeared last year in the form of Storm Botnet. IronPort Systems, a Cisco business unit, said that when researchers or security vendors try to investigate a Storm-infected Web server, the malware will fight back with a distributed denial-of-service attack and relocate the Web server.

Global data security company F-Secure conducted a worldwide survey in the second half of last year to assess 2007's data security situation.

The survey results were chilling. Some 250,000 different types of malware, including new ones and variants, were found in 2007, the same total as in the previous 20 years.

"The numbers were staggering because the bad guys were making money trading viruses," said Patrik Runald, F-Secure's senior security specialist. "Just like any other business, they want to improve and constantly evolve."

Multiple malwares daily

Improved detection abilities of anti-malware software also account for the higher statistics, Runald said. "Malware authors are not necessarily releasing anything groundbreaking. It might simply be a new variant to avoid detection from signature-based anti-virus products. They can even release multiple malwares a day, depending on who they think they're fighting."

Runald said Storm Botnet was the top malware threat last year. "A conventional botnet has a central server in the network and all infected computers connect to this server to receive commands on what to do. By identifying the central server, IT security staff may shut down the botnet."

However, Storm Botnet is different because it uses peer-to-peer technology without a central server. "Anything within the network can be the controlling mechanism and it can change at any point in time. Hence, efforts to shut Storm down have not been completely successful," he added.

Runald recommended that enterprises use the latest-technology security products to minimize the risk of Storm infections. "Our integrated solution still checks for known virus signatures. But if it detects an unknown signature, we run it through what we call behavioral-based technology."


Comments (1)

RE: The war against malware

By Aa'ed Alqarta on February 19, 2008, 12:32 pm

I'd like to give some points here: - Users education & awareness can solve a part of the problem, it's similar to telling your child not to fool around with fire. -...
