The Troubling Evolutionary Success of Malware
The five tactical keys to the success of today’s viruses and malicious software
As malware evolves at an increasingly accelerated speed, it’s becoming more and more difficult for antivirus software to keep up. This year’s Microsoft Security Intelligence Reports indicated that over 40 million Windows systems were infected with some form of malware last year. Google researchers found that only 25% of real-world malware was detected by common antivirus scanners. Even when they were combined, the scanners were only able to detect 40% of infected downloads.
In order to defend against them, we need to know what is contributing to their success. Security experts have identified five strategies that make today’s malware so successful.
1. Start with the old and sick.
Out-dated and under protected computers are easy prey for viruses and malware. According to Microsoft’s Security Intelligence Report, systems with out-of-date antivirus software, unpatched system software, or no defenses at all have a 1-in-80 chance of being infected on any given month. Whereas a fully-patched, fully updated and protected system has a 1-in-500 chance.
2. Infect in real-time.
Instead of being attached to emails, which give a scanner time to find it, viruses today are coming through a browser or live internet connection. These types of malware can evade detection up to 4 times longer than email-associated malware.
3. Change faces.
Viruses and malware are more frequently able to adapt and change on the fly in order to escape detection. This polymorphism adds a level of randomness that makes it difficult for a scanner to recognize and detect its signature.
4. Lay low.
Just as some pathogens in the real world have a period of time where they lay dormant inside the body, malicious programs can be programed to sleep until a certain action or passage of time activates them.
5. Hiding is half the battle.
Malware today is becoming increasingly adept at actively hides itself from scanners. This evading is so crucial for the program to succeed that over half of its code may be dedicated to bypassing a system’s defenses.
Original article by Robert Lemos.
Read the full story here.