
The Rise of Polymorphic Malware

Posted by Unknown Lamer
from the dot-zip-dot-pdf-dot-virtual-exception dept.
twoheadedboy writes "The level of aggressive, polymorphic malware intercepted by Symantec doubled in July, when compared to figures from six months ago. This kind of malware has been typically found inside an executable within an attached ZIP file disguised as a PDF file, and is pretty darn good at getting around traditional anti-virus products. 'There are powerful Darwinian forces acting on the development of malware by criminals,' said Martin Lee, senior software engineer at Symantec. 'Those who look to innovate and improve their malware tend to infect more computers and acquire the resources to reinvest in further development and innovation.'"
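The delivery pattern the summary describes (an executable inside a ZIP attachment, dressed up to look like a PDF) can be screened for at the mail gateway. The following Python check is an added example, not code from the story, Symantec or any commenter; the archive it inspects is constructed in the script and the extension list is an assumption, not a complete one.

```python
import io
import zipfile

# DOS/PE header that every Windows executable starts with.
PE_MAGIC = b"MZ"
# Assumed list of suffixes Windows will execute directly; extend as needed.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def flag_disguised_members(zip_bytes):
    """Return (member_name, reason) for archive members that look like
    executables hiding behind a document name.  Three signals are used:
    an executable final extension, a double extension such as .pdf.exe,
    and a PE header under a name that does not claim to be executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            with zf.open(info) as fh:
                head = fh.read(4)          # only the magic bytes are needed
            if lower.endswith(EXEC_EXTS):
                reason = "executable extension"
                if ".pdf." in lower or ".doc." in lower:
                    reason = "double extension (document name, executable suffix)"
                findings.append((name, reason))
            elif head.startswith(PE_MAGIC):
                findings.append((name, "PE header under a non-executable name"))
    return findings


def build_sample_zip():
    """Constructed sample archive: one benign PDF, one .pdf.exe, and a
    'statement.pdf' whose content is actually a PE stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 benign placeholder")
        zf.writestr("invoice.pdf.exe", b"MZ\x90\x00 fake PE stub")
        zf.writestr("statement.pdf", b"MZ\x90\x00 fake PE stub, document name")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in flag_disguised_members(build_sample_zip()):
        print(f"{member}: {why}")
```

A content check like the MZ test matters because a filter keyed on extensions alone is defeated by a renamed file; the two signals together catch both cases in the sample.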
  • by fuzzyfuzzyfungus (1223518) on Tuesday July 26, 2011 @01:21PM (#36885946) Journal
    Given the frequency with which a cracked webmail account or compromised PC with an email client will immediately start spamming its former owner's entire address book, expecting the "people you know" rule to save you is fairly naive...
  • by CohibaVancouver (864662) on Tuesday July 26, 2011 @01:42PM (#36886170)

    If you use Adblock and Noscript, it is nearly impossible to get infected. Why that functionality is not in every browser and enabled by default I simply don't understand.

    I have good enough karma with Slashdot that I'm given the option to disable ads. I don't. Why? Because ads fund Slashdot and keep it free. If ad blockers were on by default most of the sites people like and use would go out of business.

  • by Doc Ruby (173196) on Tuesday July 26, 2011 @01:42PM (#36886176) Homepage Journal

    I'd like to see the OS, especially one like Android in the hands of unsupported, naive, and promiscuous users, require permissions for InterProcess Communication the way it does for files. And for DB access. All strongly typed. Those kinds of familiar patterns in combination, upon every access between processes on objects. Mediated by an OS capable of supporting the user and using a support Internet to warn others when threats (or patterns that represent threats) appear to correlate to risky objects of the same kind.

    The OS and Internet should act as an integrated immune system bathing our objects, not just a special case intervention when opening the first file from an email. Dedicate one or two cores of these multicore CPUs (and prefilter at servers for smaller/mobile devices). Attacks are now the norm, not the exception. The network and OS infrastructure design should recognize the new reality.

  • by jdgeorge (18767) on Tuesday July 26, 2011 @01:43PM (#36886190)

    Isn't the problem that the application that renders the PDF/Flash/etc attachment has access to resources on the system that shouldn't be allowed?

    In other words, why aren't all attachment files rendered by applications running in a "jail"?

  • Sigh (Score:5, Insightful)

    by Sycraft-fu (314770) on Tuesday July 26, 2011 @02:24PM (#36886646)

    I get real tired of this one. This naive geek idea that OSes can be made perfect and somehow immune to viruses. News flash: They can't, at least not if you wish to keep the ability to run arbitrary code. The only way to make an OS safe against viruses is the Apple "walled garden" idea where only authorized apps run. Even then, you could potentially sneak something by the authority that says if apps are ok. However so long as you can run arbitrary code, you can run evil code. There is no evil bit, the computer will execute anything it is given.

    Please remember when talking about malware as opposed to worms you are talking about stuff that comes into the computer through user action. It is bundled with an application, or is an app all by itself. The user downloads and runs it. There is no patching against that.

    Also you have the silly idea of "if something isn't 100% effective it shouldn't be used." Bullshit. Look at security in the real world some day, where there is no such thing, ever, as perfect security. You get used to the concept that everything is fallible and you need defense in depth. Virus scanners help provide that defense in depth. They scan incoming things for known threats (by the way good ones are updated more than once a day). It is not your only line of defense, but one of them.

    Run a virus scanner, and run as a deprivileged user, and patch your OS, and make sure to get software from trusted sources, and monitor your system, and so on. Don't have a defense, have layers. Only then do you have a real security solution.

    PS, web executables can be sandboxed on Windows, IE does this, other browsers just don't care to use the interface to do so.
