
Seven trends to expect from virus and worm authors in 2006

This threat monitor tip outlines seven emerging trends among virus and worm writers, explains why it is important to implement enterprise-wide security measures and provides tools and tactics to defend against them.

According to antivirus vendor Sophos, in 2005 malware threats increased 48% from 2004, Trojans outnumbered traditional worms two-to-one, and one in 44 e-mails contained a viral payload. As 2005 ended, the malware scene transitioned from a teenage vandals' playground to a world of opportunity for cyber-criminals. So what will virus and worm authors do with this new opportunity? This tip outlines seven trends that you should expect to see from writers in the year ahead and reviews methods that mitigate these threats.

What we should expect to see in 2006

  1. Cyber-criminals will continue using viruses and worms as tools. In the past, attackers released malware primarily to watch their code propagate globally and to wreak havoc on users. However, members of organized crime have realized the potential of these technologies as a means to carry out identity theft, espionage and other cyber crime. As cyber-criminals continue to "professionalize" virus and worm creation, 2006 will see a number of changes in how malcode is created and distributed.

  2. Malware production pace will increase and quality will improve. As more criminal organizations become malware consumers, writers will be offered additional rewards. These rewards will lead to the evolution of more sophisticated code, the introduction of new variants and more attention paid to evading detection. Additionally, 2006 will bring about a trend towards threat customization. These trends will challenge security vendors, who will have to develop new technologies that can identify and respond to these threats as quickly as they do today.

  3. Viruses and worms will become increasingly targeted. Rather than sending out mass e-mails to infect large numbers of random targets, authors will begin to craft their code to target specific user populations. Watch for more attacks similar to a May 2005 Israeli incident in which large and well-known telecom companies used Trojan horse code to steal confidential documents from their competitors. In this case, a Trojan was distributed in CD-ROM presentations sent to key executives, which, when opened, infected their systems.

  4. Malware will continue to target mobile devices such as phones and PDAs, and embedded systems. Blackberries, Treos, smart phones and other pocket-sized mobile devices are becoming more powerful and contain more sensitive information. While malware writers have already targeted these devices, most of these threats haven't been anything more than a nuisance. However, look for 2006 to mark the introduction of more sophisticated threats to mobile devices.

  5. Malware sources will increase – and the identities of the "perps" may be surprising. In 2005, Sony Music released music CDs which, when played on Windows computers, installed an anti-piracy software package. The package operated like a rootkit; it made changes to the operating system and hid its presence. The software contained a bug which, when exploited, would allow other malware to run undetected on the user's PC. As the value of digital content continues to rise and the ease of piracy keeps pace, similar incidents will likely increase this year.

  6. Coordinated attacks will reduce the distinctions between these types of threats. As attackers continue to combine viruses/worms, Trojans, spyware and "phishing" methods into increasingly potent blended threats, the need for a unified anti-malware strategy combining antivirus, antispyware, antispam and anti-phishing solutions will be a major theme in 2006.

  7. Authorities will continue to take more significant action against malware creators. Convictions and prison sentences have already been handed down in a number of cases, and as law enforcement officials become more familiar with these technologies and threats, we can expect more legal action.

So, what can security practitioners do to protect themselves? Here are six methods that confront these new challenges head on.

    1. Be aware of the latest threats and communicate with your users. Education and awareness are the most cost-effective way to secure your systems. Well-trained users are skeptical users, and their hesitation to click on an unfamiliar attachment could save your organization a lot of expense and lost productivity.

    2. Provide an easy, consistent way for users to report potential problems and ask questions. If your users know what to expect from their systems and have a way to report suspicious behavior, you will catch malware outbreaks much earlier.

    3. Ensure that your malware strategy covers all the bases. Your plan should incorporate defenses against viruses/worms and Trojans, as well as spyware and phishing. Just as the bad guys are moving to a blended threat model to increase the effectiveness of their attacks, you need to move to a blended defense model to counter them. By creating a unified strategy, you also reduce the risk of unforeseen interactions between different components, such as antispyware interfering with antivirus software. The market is still maturing in this area, and you'll need to check your configuration settings to avoid overlapping functionality – many antivirus programs are starting to detect spyware as well, and having multiple sets of popups and messages may confuse users.

    4. Plan for added malware protection as the mobile threat increases and the tools evolve. Mobile devices are also a fertile area for awareness and education, for many users don't stop to think about what is on their phone or PDA. While antivirus solutions are on the market for handheld devices, it is still unclear whether the protection they provide is worth the additional cost and administration. The fact that many organizations have users with a wide variety of self-purchased handhelds does not help either; if your organization relies on handhelds for core business functions, consider equipping users with company-owned and managed devices which can be configured to protect against malware threats.

    5. Monitor your antivirus vendors' response time to new threats. Choose vendors who can keep up with the bad guys.

    6. Make your users' home PCs part of the security program. If employees take work home or access the corporate network from their own PC, help them secure these systems so that they don't become a gateway to your network for malware.
About the author

Al Berg, CISSP, CISM, is the Director of Information Security for Liquidnet. Liquidnet is the leading electronic venue for institutional block equities trading. According to INC. magazine in 2004, Liquidnet was the fastest growing privately held financial services company in the US and the 4th fastest growing privately held company in the US across all industries.
This was last published in January 2006
