Malware Evolution: July - September 2006
Nov 20 2006

Kaspersky Lab presents the latest quarterly report on malware evolution

The report includes a great analysis of key facts. Congratulations. However, I don't quite agree with the conclusion. We have a deadlock in innovation and attack speed, but the landscape has changed significantly in other aspects like motivation and tactics. Let me start with a question: Are criminals really slowing down their development of malware or are they employing different tactics to just stay under the radar of the AV industry (e.g. mass-infecting worms vs. trojans for targeted attacks)?

There are far fewer massive attacks and in this context the overall damage has decreased, but what about targeted attacks? How is the AV industry tackling this phenomenon and making sure they are able to pick up these threats and put them into their statistics as well? Targeted attacks mean fewer victims, but also less risk (fewer chances of detection and prosecution) and more profit. How much money did Jeffrey Lee Parson of Hopkins, the author of one of the variants of the Blaster Worm, make? He only got a few days of fame with his friends, a considerable amount in fines and a ticket to jail. Compare that to the authors of the trojan horse involved in the "Israeli trojan horse scandal". They were finally caught, but it took many months for the AV industry to include the malware in their signatures after it was discovered by investigators.

The reason why criminals don't excel in innovation these days is not because security controls have finally stopped them. They just don't need to. There is no real need for complex metamorphic or cryptographic techniques for hiding; all that criminals have to do is make simple and unique pieces of malware that behave as "normal" as possible. That's all they need to counter blacklist-based protections and behavioral-based detection in many products (plus, remember that they are in a position to test their creations against AV products before being released). Malware that opens...