Symantec warns of aggressive surge in polymorphic malware

Discussion in 'malware problems & news' started by hawki, Jul 26, 2011.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Dec 17, 2008
    DC Metro Area

    Aggressive polymorphic malware doubles in July

    Cyber criminals were increasingly aggressive with their targeted attacks in July, upping their use of polymorphic malware.

    Of all email-borne malware samples intercepted by Symantec in July, 23.7 per cent were what the security giant described as “aggressively unstable or rapidly changing forms of generic polymorphic malware.”

    This was more than double the same figure six months ago - an “alarming proliferation in such a short time,” according to Symantec.

    This kind of malware has been typically found inside an executable within an attached ZIP file disguised as a PDF file.

    Polymorphic malware is particularly good at bypassing traditional anti-virus software.

    “The most recent samples were specifically designed to evade detection by software emulators that often form part of the anti-virus engine installed on a target PC. Software emulation is designed to analyse the code and follow the flow of instructions, but only up to a point,” the Symantec report read.

    “One design element of this new breed of malware includes a series of unnecessary ‘jump’ instructions in the start-up code, which are introduced in between the real instructions specifically to confound the anti-virus engine detection.”

    Many have pointed to the risks of relying too heavily on anti-virus to protect an organisation.

    Martin Lee, senior software engineer at Symantec, called on anti-virus providers to develop their products in line with cyber criminal innovation.

    “There are powerful Darwinian forces acting on the development of malware by criminals,” Lee told IT Pro.

    “Those whose malware is easily detectable fail to infect computers, and fail to thrive in the cyber crime environment. On the other hand, those who look to innovate and ‘improve’ their malware, tend to infect more computers and acquire the resources to reinvest in further development and innovation.”

    As for whether the rise of aggressive, polymorphic malware will be sustained, Lee was unsure.

    “Malware innovation and development never runs backwards. If the malware writers have mastered how to deploy polymorphic techniques and this provides clear benefits to the distribution of malware, then we will certainly see more of this technique used in the malware in circulation,” he added.

    “On the other hand, if it less successful than the malware writers hoped, and it proves difficult to use in practice, then we may not see the technique sustained. It's early days, we need to wait and see."
  2. J_L

    J_L Registered Member

    Nov 6, 2009
    Isn't heuristics effective against these?
  3. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    Hi J_L,

    Heruristics can only go so far until innovation in malware does an end-around run on its perimeter defenses. Note: innovation in malware is a daily occurence, e.g. SpyEye + Zeus.

    -- Tom
  4. x942

    x942 Guest

    And this is why I use a VM to browse the web (Linux) and use SRP with real-time defenses. :thumb: Nothing can beat that.
  5. elapsed

    elapsed Registered Member

    Apr 5, 2004
    Good thing Symantec protects me with their DNS service and Hotmail protects me with SmartScreen.
  6. Hungry Man

    Hungry Man Registered Member

    May 11, 2011
    Meh. There are so many ways to defend against malware. It's not like polymorphic is new. It's just that a simple AV won't be enough.

    I personally am not afraid (at all) of a polymorphic malware.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.