
Malware: The ever-evolving threat

26 Jan 2007 | By Dan Sullivan, Realtimepublishers.com


This is tip No. 1 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3, "The Life Cycle of Internet Access Protection Systems," of the book The Shortcut Guide to Protecting Business Internet Usage, published by Realtimepublishers.

Malicious software, or malware as it is commonly known, is a relatively dynamic category of threats. The techniques used to destroy data, disrupt services, and steal information have evolved to adapt to changes in security practices and countermeasures. For example, antivirus countermeasures can detect many viruses and worms by searching for patterns in the binary code that appear in the virus but not in other programs. These patterns are essentially digital fingerprints that are used to identify the threatening software. In response, virus writers developed stealth techniques to mask their malicious code (see Figure 3.1).

Figure 3.1: Malware and its countermeasures change in response to each other.
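The pattern matching described above can be sketched as a small byte-signature scanner. This is an added example, not code from the book: the signature names, hex patterns, and sample buffers are constructed, harmless placeholders, and a single-byte XOR stands in for the masking the text mentions. It shows why a fixed fingerprint stops matching once the same bytes are transformed, which is why signature scanning is paired with the other countermeasures discussed in this tip.

```python
import re

# Constructed signature database: name -> hex pattern; "??" matches any one byte.
SIGNATURES = {
    "Demo.Marker.A": "DE AD BE EF ?? ?? 13 37",
    "Demo.Marker.B": "4D 41 52 4B ?? 42",
}

def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return (signature name, offset) for every match, ordered by offset."""
    hits = []
    for name, rx in COMPILED.items():
        for m in rx.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: (h[1], h[0]))

def xor_mask(data, key):
    """Byte-wise XOR with one key byte (assumed stand-in for code masking)."""
    return bytes(b ^ key for b in data)

# Constructed sample buffers made of harmless bytes, not real malware.
CLEAN = b"ordinary program bytes " * 4
FLAGGED = CLEAN + bytes.fromhex("DEADBEEF01021337") + b" tail"
MASKED = xor_mask(FLAGGED, 0x5A)

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("flagged", FLAGGED), ("masked", MASKED)]:
        print(f"{label:8s} {scan(buf)}")
```

The masked buffer carries the same content as the flagged one, yet the scanner reports nothing until the transformation is reversed; the fingerprint only matches the exact byte layout it was written for.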

Today's viruses are much more complex than the early boot-sector viruses that brought malware to the attention of IT users; they are also just one of several types of malware that now pose threats to information assets. Other common forms of malware include:

  • Worms—Exploit vulnerabilities in operating systems (OSs), network services, and applications to propagate and cause damage
  • Keyloggers—Capture keystrokes and transmit them to the attacker
  • Video frame grabbers—Copy the contents of what appears on a computer display and transmit it to the attacker
  • Rootkits—Hide their own presence and that of other malware
  • Trojan horses—Appear to be legitimate but in fact contain malware such as keyloggers and spyware

The countermeasures developed for detecting viruses can often detect other forms of malware as well. Deploying antivirus programs on client devices and scanning network traffic as it enters the network are appropriate countermeasures for combating malware. In addition, locking down client devices—for example, denying most users the privileges needed to install software or update the Windows registry—can prevent the installation of malware that manages to avoid detection.

Another effective, but easily overlooked, countermeasure is security awareness training. It is common knowledge now that you should not open an email attachment sent from someone you do not know. Less well known are tips such as avoiding sites that may harbor malware, such as peer-to-peer file sharing sites, and not downloading browser plug-ins that may be Trojan horses. Keeping users aware of the changing tricks and techniques used by malware developers and cyber-attackers is an effective complement to the technical countermeasures that are essential to preserving information assets.

For more information about malware and related in-bound threats, see Chapter 2.


How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.
