Requires Free Membership to View

 There's more than one way to receive Threat Monitor

Listen to this malware tip on your computer or MP3 player.

McAfee Inc. recently achieved a depressing milestone, namely the inclusion of the 200,000th malware signature in its VirusScan database. Malware authors have certainly kept themselves busy; this achievement marks the doubling of the database in only 22 months. That's an especially striking statistic when it took eighteen years to build the database to the 100,000 signature mark.

Why the sudden surge? In addition to the natural growth of the malware "industry," we're also witnessing a change in tactics. Sure, we may see another Sasser, ILoveYou, Blaster or Sobig, but the days of the mega outbreak are numbered. Keen to preventative measures, virus authors are now writing variants that differ just enough to require new antivirus signatures. Many of these variants are self-mutating in an attempt to avoid current detection technologies.

The McAfee report also provides some interesting data on the diversity of the malware universe. In its Avert Labs blog, the vendor revealed its database composition:

So, what does all of this mean? It's clear that the threat environment is evolving over time. As the environment changes, security professionals must adapt their defenses to focus on the unknown. Here are three simple steps to mitigate such threats:

More information
on malware threats

Learn about antivirus future and directions in this tip.

Visit our resource center and learn how to reduce virus, worms and other malware threats.

 

  • Deploy and manage antivirus software. While this advice may seem obvious, ask yourself, are you 100% confident in your current antivirus infrastructure? If your internal audit group hasn't done so already, conduct a random audit of systems in your enterprise (both workstations and servers) and verify that they are properly configured and receive antivirus updates. Better yet, invest in an antivirus management solution to automate these tasks. These tools may even be covered in your existing antivirus license agreement. Symantec customers can use Enterprise Edition while McAfee customers have ePolicy Orchestrator.
  • Consider content filtering. Many enterprises now filter outbound traffic. While often driven by legal/regulatory compliance concerns, content filtering can play a valuable role in protecting enterprise systems from malicious code by blocking access to sites known to publish hostile code or act as "phone home" servers for malware.
  • Implement a defense-in-depth strategy. Antivirus software is not a cure-all. It's designed to detect known threats, but someone is going to be the first victim of a zero-day virus. It's important to use perimeter protection technologies (such as firewalls and intrusion prevention systems) and system management tools to provide layers of defense for your enterprise.
  • Unfortunately, the cat-and-mouse game of malware and information security will not end anytime soon. However, researchers are hard at work developing new defensive technologies. We're also likely to see evolutionary changes over the next few years designed to meet the demands of the changing risk environment. In the meantime, steel your defenses and protect your organization against malware incidents.

    About the author:
    Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

This was first published in October 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.