Over the last couple of years there has been a gradual increase in the sophistication of malware, something that security experts and researchers have managed to stay one step ahead of. That is, until recently. According to the specialists at Symantec, the changes in malware development over the next few years will far outweigh those seen in the past, which paints a bleak picture when you consider how much longer it takes for a new operating system or browser to be released. Are the technologies behind malware really advancing that rapidly?
The truth is, no one really knows. At present the situation looks intimidating when you consider some of the latest trends hitting the global network, so there may well come a point where software security can no longer keep up.
The world of malware is highly competitive. Every piece of malware is competing to infect the largest possible share of the Internet community, and malware authors are waging a war amongst themselves.
Some targets of malware are seeing a definite increase in the attacks against them. The more popular amongst these are mobile devices, Instant Messaging (IM) and players of Massively Multiplayer Online Role-Playing Games (MMORPGs).
Mobile devices, while not yet a mainstream target in the United States, have been the recipients of numerous attacks in Japan and the Netherlands, where the latest cellphones are in wide use and are relied on for things such as micro-payments, including purchases from vending machines. These attacks appear to be less about controlling the device and more about social engineering.
Instant Messaging is becoming almost omnipresent, and attacks are apparently only going to keep on increasing as the various systems (AIM, MSN, YIM, etc.) start to allow messaging between them. In a similar vein are the MMORPGs, where various in-game items are proving to hold real-world value, at least to the players. Malware authors seeking to take advantage of this may hack into your account and sell these items for their own personal gain.
A common and increasingly important element of new and future malware trends is social engineering. Gone are the days of simply exploiting a system vulnerability to gain access to personal and financial data; now cybercriminals get assistance from the target, who is typically unprepared for the skillful manipulation some attackers employ.
Worms, viruses and Trojan horses spammed indiscriminately to millions are generally no longer considered the most serious security threat. Instead, especially for organizations and corporations, targeted Trojan horses have become the highest concern.
Vincent Weafer, a senior director at Symantec Security Response, said, “Targeted Trojan horses are still a tiny amount of the overall threat landscape, but it is what the top corporations worry about most.” With the aid of carefully placed keyloggers or screen-scraping software, cybercriminals can gain access to specific computers of interest. This method is used primarily in industrial espionage and other financially motivated crimes. Common, mass-distributed attacks are easily detected and halted by most security technology, but targeted attacks such as these can remain hidden for a long time, because traditional signature-based products have never seen the one-off sample and so have nothing to match it against.
New methods and variants continue to appear, allowing these lesser-known and uncommon malware packages to keep their attacks going for a longer period of time, even if this means openly attacking the people who are trying to study them. Recent reports describe several new and improved attacks.
One piece of malware was found during a forensic investigation of a desktop computer. It had been pre-coded to steal specific information from the victim’s organization, and it was designed to be disposable, so that it could vanish without a trace after performing its task.
In another instance, a piece of malware was written specifically to steal intellectual property. What was unusual about it was that it crawled the victim’s files by type (Excel, PDF, etc.) looking for intellectual property to steal, then encrypted the harvested data and sent it to a remote server.
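The behaviour described above, crawl the documents, then push them out over the network, leaves a footprint on the endpoint even when the payload itself is encrypted and unknown to antivirus. The following detector is an added example, not code from the article or from any of the malware it describes: it scans constructed endpoint audit-log lines (the `timestamp pid process event detail` format, the file paths, the process names and the 203.0.113.x addresses are all assumed for illustration) and flags a process that opens many document files shortly before making an outbound connection.

```python
"""Flag a 'harvest documents, then connect out' pattern in endpoint audit logs."""
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Document types worth protecting; the article mentions Excel and PDF, the rest are assumed.
DOC_EXTENSIONS = {".xlsx", ".xls", ".pdf", ".docx", ".doc", ".pptx"}

# Constructed sample log (hypothetical format: "<timestamp> <pid> <process> <event> <detail>").
# pid 4120 bulk-reads six documents and then connects to 203.0.113.7 (a TEST-NET address).
# pid 2210 is a user editing two spreadsheets and then reaching a vendor host; it should not alert.
SAMPLE_LOG = r"""
2024-03-01T09:00:01 4120 svchost.exe file_open C:\Users\alice\Documents\q1_forecast.xlsx
2024-03-01T09:00:02 4120 svchost.exe file_open C:\Users\alice\Documents\patent_draft.docx
2024-03-01T09:00:02 4120 svchost.exe file_open C:\Users\alice\Documents\supplier_contracts.pdf
2024-03-01T09:00:03 4120 svchost.exe file_open C:\Users\alice\Desktop\roadmap.pptx
2024-03-01T09:00:03 4120 svchost.exe file_open C:\Users\alice\Documents\price_list.xls
2024-03-01T09:00:04 4120 svchost.exe file_open C:\Users\alice\Documents\board_minutes.pdf
2024-03-01T09:00:09 4120 svchost.exe net_connect 203.0.113.7:443
2024-03-01T09:15:00 2210 excel.exe file_open C:\Users\alice\Documents\budget.xlsx
2024-03-01T09:15:30 2210 excel.exe file_open C:\Users\alice\Documents\budget_v2.xlsx
2024-03-01T09:16:00 2210 excel.exe net_connect 203.0.113.20:443
2024-03-01T10:00:00 3333 winword.exe file_open C:\Users\alice\Documents\memo.docx
"""


def parse_line(line):
    """Split one log line into (timestamp, pid, process, event, detail)."""
    ts_str, pid, proc, event, detail = line.split(maxsplit=4)
    return datetime.fromisoformat(ts_str), pid, proc, event, detail


def detect_harvest_then_exfil(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per net_connect that follows >= threshold document opens
    by the same process within `window`. Each alert lists the files at risk."""
    opens = defaultdict(list)  # pid -> [(timestamp, path)] of document opens seen so far
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, pid, proc, event, detail = parse_line(line)
        if event == "file_open":
            ext = os.path.splitext(detail)[1].lower()
            if ext in DOC_EXTENSIONS:
                opens[pid].append((ts, detail))
        elif event == "net_connect":
            # Only opens inside the look-back window count: a user who read a
            # report an hour ago and now checks mail is not a harvester.
            recent = [path for t, path in opens[pid] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"pid": pid, "process": proc,
                               "remote": detail, "files": recent})
    return alerts


if __name__ == "__main__":
    for alert in detect_harvest_then_exfil(SAMPLE_LOG):
        print(f"ALERT pid={alert['pid']} {alert['process']} -> {alert['remote']}")
        for path in alert["files"]:
            print("   ", path)
```

The threshold and window are the tuning knobs: lowering the threshold to 2 would also flag the Excel session in the sample, which is why a real deployment baselines each process’s normal document-open rate rather than using one fixed number. The check deliberately ignores what is in the outbound stream, since the article’s malware encrypted the data before sending it; the signal is the sequence of host events, not the payload.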
Gunter Ollmann, vice president of research for Damballa, has observed another method used by cybercriminals, called “hack-back”. Fighting back isn’t new for malware authors, but Ollmann says the “hack-back” feature lets the malware detect if and when it is being studied by a researcher and immediately compromise the researcher’s machine. Some botnet malware has shown the same defensive behaviour, launching distributed denial-of-service (DDoS) attacks on researchers who get too close to the command-and-control (C&C) system.
In the case of the infamous Conficker worm, the malware blacklists investigators who attempt to access the botnet server. Ollmann notes, however, that these techniques are still infrequent: either a small number of malware authors are investing a lot of time and money in such tactics, or tinkerers are trying out new techniques.
The Good News
While the future of malware may still be uncertain, there is no doubt that the dangers are real and becoming more prominent. The good news is that most of what we already do to protect ourselves should help to a degree. Firewalls, anti-virus and anti-spyware applications, IDS, and limiting user rights are all sound ways of keeping ourselves safe from these new malware installations, but will they be enough?