Experts predict new path for malicious code, antivirus products |
 |
By Shawna McAlearney, News Editor
16 Jun 2005 | SearchSecurity.com |
|
|
Gazing into a crystal ball won't accurately predict the future of malicious code threats, but experts say that current trends point to a serious upswing in customized phishing attacks, adware, spyware and devastating botnet attacks in the next few years.
"Attackers are setting up botnets with 10,000, 50,000, 100,000 or more systems," warned Ed Skoudis, a noted author and security consultant. "In the near future, command and control across the botnets will improve, giving attackers all kinds of interesting emergent properties [allowing them to] create distributed virtual super computers using bots."
Those botnets will be used to crack crypto keys 10,000 times
faster or more, said Skoudis. And they'll phish through a botnet, so instead of having one Web site gathering financial information, they'll have a distributed Web site, making it much harder to shut down. In terms of attacks, they will use, 1,000 machines to scan for one vulnerable port each instead of having one machine scan 1,000 ports, vastly increasing their chances of compromising a number of systems.
Money is the motivator
"The greatest threat to us is the role of money as a motivator for cybercrime," said Amrit Williams, a research director for Stamford, Conn.-based Gartner's Information Security and Risk practice. "This new era of malware will make every attempt to be stealthier in nature, more sophisticated in its execution and far more devastating in its payload."
Impact to users
At the recent Gartner IT Security Summit, analyst John Girard said currently 30% to 40% of IT helpdesk calls are spyware related.
But spyware will mature, Williams said, and will move from being a productivity drain on users and support departments to a data/information loss issue as it becomes more stealthy and is used more for criminal financial gain.
"Spyware and phishing are on the rise, but they don't cause as many operational issues as bots," said Kimberley Laris, IT controls manager for The Timberland Company in Stratham, N.H. "Bots absorb significant network bandwidth, operational productivity and manpower to correct affected computers.
"A saturation point is approaching for the current AV vendor technology deployments on servers and end-user machines," she added. "There is a great need for network and Internet filtering of traffic prior to the end points."
New direction for AV?
"Bots and worms are now being written with the goal of installing adware -- these things are going to be around for the next two to three years," said Roger Thompson, director of malicious content research at Islandia, NY-based Computer Associates. "AV vendors will respond by moving away from AV signatures because bad guys have figured out how to get around them. Signatures are still important to clean this crud of your systems but they will no longer be the first line of defense."
Vincent Weafer, senior director at Symantec Security Response, also sees AV products evolving. Rather than remaining simply signature-based, we'll see vendors focus more on heuristics and move toward behavior-, protocol-, anomaly- and policy-based lines of defense.
Skoudis believes that signatures augmented with behavior-based anomaly detection will better secure networks. "So, five years from now, we'll still have sigs for the most common malware, but we'll also have good behavior checks. Stuff like, 'Gee, you really shouldn't be writing to a hundred different files' and, 'Why is this thing trouncing around in memory that way?'"
|
|
|
|
