Half of malware strains are junked in less than a day

Discussion in 'malware problems & news' started by Malcontent, Aug 13, 2009.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    http://www.theregister.co.uk/2009/08/13/malware_arms_race/
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This is nothing new, of course, and anyone familiar with the Storm/Nuwar exploits (2 years ago) will remember that the binary code changed more often than once per day. See some references below.

    The article appears in The Register, and I wonder what audience it's aimed at. Certainly not those who follow security, for it's quickly dismissed since it offers nothing really new, nor anything useful for protection. To wit,

    Well, maybe not, unless you are part of the audience, the group of people, who are not informed and most likely to depend on AV as your sole protection. Hence, the dire warning about lack of AV detection would definitely make an impact. These people will become more afraid due to the tone of the article.

    However, those who work to help people become informed know to explain the two basic attack vectors for malware.

    • Those that circumvent the browser (drive-by attacks) -- these are easily handled by explaining proper browser configuration, and having security in place to intercept the drive-by attempt to download the malware.

    • Those that depend on tricking the user to download/install. It's amazing to realize that the success of Storm creating botnets of millions of people was due mainly to the victims clicking on a link,

      [image: storm-link.gif]

      then, agreeing to open an executable file to view a Valentine Card.



    However, as long as these writers limit their sources to AV security people, nothing of any real use will come of their articles, since they are stuck in that mode of thinking. Rarely do they offer any in-depth thinking about prevention and basic security procedures. Too bad, for such a general audience could benefit from some simple explanations. All they are given, however, is a hope for the cloud-based stuff:


    -rich


    REFERENCES: Storm Variants

    Storm Worm uses e-cards to push spam near all-time high
    Aug 21, 2007
    http://www.securecomputing.net.au/N...es-ecards-to-push-spam-near-alltime-high.aspx
    Storm of the Day
    2007-08-21
    http://isc.sans.org/diary.html?storyid=3298
    Anticipated Storm-Bot Attack Begins
    2007-12-24
    http://isc.sans.org/diary.html?storyid=3778

    Storm Worm - New Valentines Day e-card Attacks
    Feb 13 2008
    http://msmvps.com/blogs/harrywaldro...m-worm-new-valentines-day-e-card-attacks.aspx
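The second attack vector in the post above, the victim agreeing to open an executable that was presented as a Valentine card, is something a download handler or mail gateway can check for without any AV signature at all. The following is an added illustration, not code from the thread, from Rmus, or from any product mentioned: it inspects a file the user was told is an e-card, reads the Windows PE header (the "MZ" stub and the `PE\0\0` signature it points to) to decide what the file really is, and flags the double-extension trick that makes "card.jpg.exe" display as "card.jpg" when Explorer hides known extensions. The extension lists, the function names and the sample files are constructed assumptions for the demonstration; the PE stub is a 68-byte stand-in, not a program.

```python
import struct
from dataclasses import dataclass, field

# Assumed lists for the demonstration: types Windows runs directly when double-clicked,
# and types a greeting card or photo would plausibly carry.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "hta"}
MEDIA_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "bmp", "pdf", "htm", "html"}


@dataclass
class Verdict:
    filename: str
    is_pe: bool
    shown_ext: str   # what Explorer displays with "hide extensions for known types" on
    real_ext: str    # what actually decides how the file is opened
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def is_pe_image(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew field (offset 0x3C)
    points at a 'PE\\0\\0' signature, i.e. it is a Windows executable whatever its name."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def inspect_card_download(filename: str, data: bytes) -> Verdict:
    """Judge a file the user was told is an e-card or image. Flags executables and the
    naming tricks that make an executable look like a picture."""
    parts = filename.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    # With known extensions hidden, "card.jpg.exe" is shown as "card.jpg", so the
    # second-to-last part is what the victim sees.
    shown_ext = parts[-2] if len(parts) > 2 else real_ext
    v = Verdict(filename, is_pe_image(data), shown_ext, real_ext)

    if v.is_pe and real_ext not in EXECUTABLE_EXTENSIONS:
        v.reasons.append("PE header present but extension is not an executable type")
    if real_ext in EXECUTABLE_EXTENSIONS and shown_ext in MEDIA_EXTENSIONS:
        v.reasons.append("double extension: displayed name looks like media, real type is executable")
    if (v.is_pe or real_ext in EXECUTABLE_EXTENSIONS) and not v.reasons:
        v.reasons.append("an executable was delivered where a card or image was expected")
    return v


def constructed_pe_stub() -> bytes:
    """Constructed 68-byte stand-in for a PE file: MZ stub, e_lfanew = 0x40, 'PE\\0\\0'.
    It carries no code and cannot run; it only exercises the header check."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0"


# Constructed sample "downloads": one genuine GIF header, three executables in disguise.
CONSTRUCTED_SAMPLES = [
    ("valentine_card.gif", b"GIF89a" + b"\x00" * 64),
    ("valentine_card.jpg.exe", constructed_pe_stub()),
    ("valentine_card.gif", constructed_pe_stub()),
    ("ecard.exe", constructed_pe_stub()),
]


def run_samples() -> list:
    return [inspect_card_download(name, data) for name, data in CONSTRUCTED_SAMPLES]


if __name__ == "__main__":
    for v in run_samples():
        print(f"{v.filename:24} pe={v.is_pe!s:5} suspicious={v.suspicious!s:5} {'; '.join(v.reasons)}")
```

The point of checking the header rather than the name is the one Rmus makes about signatures: the binary can change by the hour, but a Valentine card that is really a PE image is recognisable from its structure, and that check does not go stale.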
     