Reports about the death of traditional signature-based antivirus software are premature. As the threat landscape evolves, so too must antivirus software to provide both signature- and behavioral-based protection. Effective endpoint security must also incorporate technologies such as endpoint firewall, host intrusion prevention and network access control.
Until recently, attackers were in it for the fame and notoriety of hacking a corporate network. Financial gain was rarely the motivation. This has changed, and corporate networks have never been at so much risk. Attacks are increasingly silent and insidious, targeting sensitive and confidential business data.
Twice a year Symantec releases its Internet Security Threat Report (ISTR), a vendor- and product-neutral examination of the current Internet threat environment. ISTR Vol. XII, released in September 2007, covers the period from Jan. 1 to June 30, 2007. It shows a dramatic increase in instances of data theft, data leakage and the creation of targeted, malicious code for the purpose of stealing confidential information for financial gain.
As attackers have become increasingly financially motivated, they have optimized the capabilities of a broad spectrum of attack methods. MPack is a notable example that emerged in the first half of 2007. This commercially available black-market attack tool kit incorporates malicious code, spam and exploits for Web browser vulnerabilities. It can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised Web site.
Multistage attacks often incorporate an initial Trojan that downloads a back door, which in turn can allow the attacker to set up a phishing Web site. This suggests that exploit code developers, malicious code authors, spammers and phishers may be collaborating for mutual gain. It also indicates that a new type of attacker has emerged who is versed in all types of attacks and is extremely flexible in his methodology and motives.
These multistage methods have led some analysts to question the value of traditional signature-based antivirus software. In December 2006, Yankee Group analyst Andrew Jaquith published a paper, “AntiVirus is Dead: Long Live Anti-Malware,” saying his objective was to “bust everybody’s bubble that (signature-based antivirus) is keeping people safe and the notion it will solve your malware problems.”