Malware: The ever-evolving threat

Malicious software, or malware as it is commonly known, is a relatively dynamic category of threats. The techniques used to destroy data, disrupt services, and steal information have evolved to adapt to changes in security practices and countermeasures. For example, antivirus countermeasures can detect many viruses and worms by searching for patterns in the binary code that appear in the virus but not in other programs. These patterns are essentially digital fingerprints that are used to identify the threatening software. In response, virus writers developed stealth techniques to mask their malicious code (see Figure 3.1).

Figure 3.1: Malware and their countermeasures change in response to each other.

Today's viruses are much more complex than the early boot-sector viruses that brought malware to the attention of IT users; they are also just one of several types of malware that now pose threats to information assets. Other common forms of malware include:

• Worms—Exploit vulnerabilities in operating systems (OSs), network services, and applications to propagate and cause damage
• Keyloggers—Capture keystrokes and transmit them to the attacker
• Video frame grabbers—Copy the contents of what appears on a computer display and transmit it to the attacker
• Rootkits—Hide the presence of themselves and other malware
• Trojan horses—Appear to be legitimate but in fact contain malware such as keyloggers and spyware

The countermeasures developed for detecting viruses can often detect other forms of malware as well. Deploying antivirus programs on client devices and scanning network traffic as it enters the network are appropriate countermeasures for combating malware. In addition, locking down client devices—for example, denying most users the privileges needed to install software or update the Windows registry—can prevent the installation of malware that manages to avoid detection.

Another effective, but easily overlooked, countermeasure is security awareness training. It is common knowledge now that you should not open an email attachment sent from someone you do not know. Less well known are tips such as avoiding sites that may harbor malware, such as peer-to-peer file sharing sites, and not downloading browser plug-ins that may be Trojan horses. Keeping users aware of the changing tricks and techniques used by malware developers and cyber-attackers is an effective complement to the technical countermeasures that are essential to preserving information assets.

For more information about malware and related in-bound threats, see Chapter 2.

How to Assess and Mitigate Information Security threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

BROWSE BY TAG Malware, Viruses, Trojans and Spyware,   Emerging Information Security Threats,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Emerging Information Security Threats Hackers to sharpen malware, malicious software in 2010 Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary