Problem solve Get help with specific problems with your technologies, process and projects.

Malware: The changing landscape

Malware is arguably growing faster than ever before, but not in ways the industry has come to expect. Even though the days of the superworm might be numbered, contributor Mike Chapple says it's time for organizations to adapt their defense postures because the next generation of threats won't be as easy to detect.

 There's more than one way to receive Threat Monitor

Listen to this malware tip on your computer or MP3 player.

McAfee Inc. recently achieved a depressing milestone, namely the inclusion of the 200,000th malware signature in its VirusScan database. Malware authors have certainly kept themselves busy; this achievement marks the doubling of the database in only 22 months. That's an especially striking statistic when it took eighteen years to build the database to the 100,000 signature mark.

Why the sudden surge? In addition to the natural growth of the malware "industry," we're also witnessing a change in tactics. Sure, we may see another Sasser, ILoveYou, Blaster or Sobig, but the days of the mega outbreak are numbered. Keen to preventative measures, virus authors are now writing variants that differ just enough to require new antivirus signatures. Many of these variants are self-mutating in an attempt to avoid current detection technologies.

The McAfee report also provides some interesting data on the diversity of the malware universe. In its Avert Labs blog, the vendor revealed its database composition:

So, what does all of this mean? It's clear that the threat environment is evolving over time. As the environment changes, security professionals must adapt their defenses to focus on the unknown. Here are three simple steps to mitigate such threats:

More information
on malware threats

Learn about antivirus future and directions in this tip.

Visit our resource center and learn how to reduce virus, worms and other malware threats.


  • Deploy and manage antivirus software. While this advice may seem obvious, ask yourself, are you 100% confident in your current antivirus infrastructure? If your internal audit group hasn't done so already, conduct a random audit of systems in your enterprise (both workstations and servers) and verify that they are properly configured and receive antivirus updates. Better yet, invest in an antivirus management solution to automate these tasks. These tools may even be covered in your existing antivirus license agreement. Symantec customers can use Enterprise Edition while McAfee customers have ePolicy Orchestrator.
  • Consider content filtering. Many enterprises now filter outbound traffic. While often driven by legal/regulatory compliance concerns, content filtering can play a valuable role in protecting enterprise systems from malicious code by blocking access to sites known to publish hostile code or act as "phone home" servers for malware.
  • Implement a defense-in-depth strategy. Antivirus software is not a cure-all. It's designed to detect known threats, but someone is going to be the first victim of a zero-day virus. It's important to use perimeter protection technologies (such as firewalls and intrusion prevention systems) and system management tools to provide layers of defense for your enterprise.
  • Unfortunately, the cat-and-mouse game of malware and information security will not end anytime soon. However, researchers are hard at work developing new defensive technologies. We're also likely to see evolutionary changes over the next few years designed to meet the demands of the changing risk environment. In the meantime, steel your defenses and protect your organization against malware incidents.

    About the author:
    Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

This was last published in October 2006

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.