Half of Malware strains are junked in less than a day

Discussion in 'malware problems & news' started by Malcontent, Aug 13, 2009.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Dec 30, 2005
    Cleveland, Ohio USA
  2. Rmus

    Rmus Exploit Analyst

    Mar 16, 2005
    This is nothing new, of course, and anyone familiar with the Storm/Nuwar exploits (2 years ago) will remember that the binary code changed more often than once per day. See some references below.

    The article appears in The Register, and I wonder what audience it's aimed at. Certainly not those who follow security, for it's quickly dismissed since it offers nothing really new, nor anything useful for protection. To wit,

    Well, maybe not, unless you are part of the audience, the group of people, who are not informed and most likely to depend on AV as your sole protection. Hence, the dire warning about lack of AV detection would definitely make an impact. These people will become more afraid due to the tone of the article.

    However, those who work to help people become informed know to explain the two basic attack vectors for malware.

    • Those that circumvent the browser (drive-by attacks) -- these are easily handled by explaining proper browser configuration, and having security in place to intercept the drive-by attempt to download the malware.

    • Those that depend on tricking the user to download/install. It's amazing to realize that the success of Storm creating botnets of millions of people was due mainly to the victims clicking on a link,


      then, agreeing to open an executable file to view a Valentine Card.


    However, as long as these writers limit their sources to AV security people, nothing of any real use will come of their articles, since they are stuck in that mode of thinking. Rarely do they offer any in-depth thinking about prevention and basic security procedures. Too bad, for such a general audience could benefit from some simple explanations. All they are given, however, is a hope for the cloud-based stuff:


    REFERENCES: Storm Variants

    Storm Worm uses e-cards to push spam near all-time high
    Aug 21, 2007
    Storm of the Day
    Anticipated Storm-Bot Attack Begins

    Storm Worm - New Valentines Day e-card Attacks
    Feb 13 2008