Top 5 Successful Malware Strategies to be on the Lookout For

Most people love when good wins over evil, so it is no surprise that most PC users believe the good guys, i.e. Internet security community, are winning the war on cybercrime. Unfortunately, this is far from the truth, as malware development is not child's play and has evolved from being just a hoax planted by a geeky teenager. Cybercrime is a bonafide, billion-dollar industry, and while money or greed is one of the lures, political warfare and power is gaining steam. Malware is malicious programs and tools used to carry out criminal acts online or via the Internet.

Cybercriminals invest loads of time and stolen money to sharpen their skillsets and develop warheads worthy of their opponents. Malware makers play off the weaknesses of digital defenses and human emotions or ignorance. According to Microsoft's 2012 Security Intelligence Report, over 40 million Windows systems were infected by malware. More surprising is findings of Google researchers whereby the four most common fake antivirus scanners were only detected 25% of the time by the best security defense tools. Overall, legitimate scanners only detected 40% of all malicious downloads.

So with all the continuous software updates, patches, security warnings and defense programs, why haven't we eradicated malware already? Here are five of the most successful malware warheads and strategies and possible explanation as to why they've succeeded thus far:

Most Successful Malware Strategy to Lookout For

Strategy #1: If your immune system is weak, the risk of catching a cold or another infection is greatly increased. The same goes for computers. If your system is in a weakened state, i.e. housing outdated or vulnerable software or lacking a stealth security solution, the chances of your system catching an infection is heightened. Microsoft's 2012 Security Intelligence Report noted more than 23% of Windows based systems are currently out-of-date. This same report gives vulnerable systems a 1 in 80 chance of becoming infected, which is why it is important PC users follow through and better guard their digital properties.

Strategy #2: The Internet has turned us into a microwave – right now - society. Real-time communications and downloads give defenders or defense programs little time to react. Typically, email delivery is delayed enough so that a signature can be developed and assigned within 5 days. However, other real-time communications, i.e. IM or Internet downloads, etc., can allow malware to terrorize much longer, for instance up to 20 days, before a signature can be developed and assigned. A security analyst with Palo Alto studied data from 1,000 companies and found more than 61% of 68,000 malware samples had slipped pass firewalls and email security gateways.

Strategy #3: Polymorphism is the ability for malware to change its face (i.e. interface) and supporting file names, a technique aiding in evading detection. Initially, polymorphic coding was limited to certain malware types, however, because of its success, more and more malicious programs are making frequent use of it so that behavior isn't repeated and thus throws off detection.

Strategy #4: Dormancy is another evasion technique being used. Malware that includes a sleep feature and that awaits human interaction, i.e. click or mouse movement, can foil sandboxing methods or other AV techniques.

Strategy #5: Malware that hides and is masked by aid of rootkit or other obfuscation tricks. In addition to labeling malicious files the same as legitimately used ones, i.e. browser or OS files and components, or even running only in memory.

Basically, the malware landscape and DNA has greatly changed and is more aggressive and sophisticated than past times. No longer can a PC user ignore safety warnings or rely solely on an AV tool to protect what is valuable, their data, system resources and Internet activities. The best Internet security is a marriage of AV protection and safe online habits displayed by the user. While there is no 100% guarantee your system will never be infiltrated and infected, employing the best Internet security greatly reduces your chances and readily mitigates attacks.