The Malware Storm


The US Department of Homeland Security advised last week that users disable Java in their web browsers. This is unprecedented: the government judged a computing problem severe enough that it had to intervene directly. Java, as installed in the browser, is a real and present threat not only to national security but to our computers, privacy and wallets. The DHS has no motivation to sow misinformation or fear, and its advice should be heeded.

Virus writers are having a field day. A new industry has blossomed around exploit kits: talented programmers sell their kits for $3000 a pop to help fellow malware writers deliver their payloads more effectively.

An exploit kit probes the visitor's browser and plugins for out-of-date software and uses a known vulnerability in it to run the payload without the user's consent or knowledge. To be clear, simply browsing to a compromised web site is enough to be infected. Malware coders have also become quite competent at compromising random legitimate web sites, so a good web site today might be an infected one tomorrow.

Researchers estimate that over half of all infections come through a single kit, the Blackhole exploit kit. A layperson cannot obtain Blackhole, but research indicates that its primary target is Java.

Late in 2012, the NY Times published a controversial piece questioning the effectiveness of modern antivirus software. The study behind it ran freshly collected malware samples against more than 40 antivirus products and found that, on first encounter, fewer than 5% of the products detected a given new sample. Read carefully, that is not a claim that a computer running 40+ products has only a 5% chance of being safe; it is the finding that a brand-new threat slips past almost every product until the vendors catch up.

The security industry's response was quick and critical; the motivation, methodology and veracity of the report were all questioned. One particularly seething rebuttal discredited the piece and concluded that people should spend as much as they can afford on multiple security solutions.

Ironically, the security industry is doing fine financially. In fact it is a bonanza: as infections rise, we spend more on security software and more on technicians to remove the malware from our computers.

Security software detects and blocks malware with a technique called a blacklist: a list of signatures (file hashes or fixed byte patterns) of known-bad files. Once a virus is released into the wild, it begins infecting computers. During that infection period a security company captures a copy; the sample is tested, confirmed, and its signature is added to the blacklist. The other vendors' blacklists are updated in turn, and as that happens that particular virus declines in infections and eventually dies out.

Polymorphic viruses have caused an explosion in malware.

Malware makers have found a hole in the blacklist methodology: a technique called morphing. Once a virus is written, each copy is re-packed or re-encrypted, so that one virus looks like thousands of different files to the antivirus software. Polymorphic viruses have created an explosion in malware. By sample count, there is now more bad software than good software!

The morphing has created a headache for the security industry. The daily number of samples to be analyzed has exploded. Analysis is still largely a manual process, and many of the security heavyweights have set up malware research centers in the Philippines to keep up with the spike. The problem is that this process ignores the fact that the viruses are morphing: by the time a sample has been identified and the blacklist updated, that exact variant is no longer in the wild.
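The following Python script is an added example, not code from the original post or from any security vendor. It models the blacklist-versus-morphing problem described in the two preceding sections with a toy packer: the same constructed payload bytes (a stand-in string, not real malware) are XOR-encoded under a fresh key for every copy, behind a hypothetical decoder stub of the form `DECODE:` + key byte + `:`. A SHA-256 blacklist built from the one sample the lab captured, and a fixed byte-pattern signature, are then compared against a detector that targets the one thing the packer cannot change, the decoder stub, and unpacks the body before matching. All names (`build_variant`, `HashBlacklist`, `structural_detect`, `catch_rates`) are this example's own.

```python
"""Added example: why a signature blacklist loses to a polymorphic packer.
All bytes here are constructed stand-ins; nothing in this file is real malware."""
import hashlib

# Constructed stand-in for a malicious body (not real malware).
PAYLOAD = b"MALICIOUS_PAYLOAD: connect back and drop ransom note"
MARKER = b"MALICIOUS_PAYLOAD"          # the byte pattern a vendor would sign on
STUB_PREFIX = b"DECODE:"               # hypothetical stub layout: b"DECODE:" + key byte + b":"


def xor_encode(data: bytes, key: int) -> bytes:
    """One-byte XOR, the simplest 'encryption' a packer might use; symmetric."""
    return bytes(b ^ key for b in data)


def build_variant(key: int) -> bytes:
    """Toy polymorphic packer: the same payload re-encoded under a fresh key.
    The stub keeps its shape (it must, so the code can unpack itself), but
    every body byte differs from variant to variant, so each file hashes
    differently and the clear-text MARKER never appears on disk."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255; key 0 would leave the payload in clear")
    return STUB_PREFIX + bytes([key]) + b":" + xor_encode(PAYLOAD, key)


class HashBlacklist:
    """Blacklist keyed on SHA-256 of the whole file, as built from captured samples."""

    def __init__(self) -> None:
        self.hashes = set()

    def add(self, sample: bytes) -> None:
        self.hashes.add(hashlib.sha256(sample).hexdigest())

    def matches(self, sample: bytes) -> bool:
        return hashlib.sha256(sample).hexdigest() in self.hashes


def byte_signature_matches(sample: bytes) -> bool:
    """Classic content signature: look for a fixed byte string from the known sample."""
    return MARKER in sample


def structural_detect(sample: bytes) -> bool:
    """Generic detection aimed at what the packer cannot change: the decoder stub.
    Recover the key from the stub, unpack the body exactly as the malware itself
    would, then apply the signature to the decoded bytes."""
    hdr = len(STUB_PREFIX)
    if not sample.startswith(STUB_PREFIX) or len(sample) < hdr + 2:
        return False
    key = sample[hdr]
    if sample[hdr + 1:hdr + 2] != b":":
        return False
    body = xor_encode(sample[hdr + 2:], key)
    return MARKER in body


def catch_rates(n_variants: int = 100) -> tuple:
    """Simulate the lifecycle from the text: the vendor captures variant #1 and
    blacklists it, then the other morphed copies arrive. Returns the fraction of
    all variants caught by (hash blacklist, byte signature, stub detector)."""
    variants = [build_variant(k) for k in range(1, n_variants + 1)]
    blacklist = HashBlacklist()
    blacklist.add(variants[0])         # the one sample the lab got to analyse
    n = len(variants)
    hash_rate = sum(blacklist.matches(v) for v in variants) / n
    sig_rate = sum(byte_signature_matches(v) for v in variants) / n
    struct_rate = sum(structural_detect(v) for v in variants) / n
    return hash_rate, sig_rate, struct_rate


if __name__ == "__main__":
    h, s, g = catch_rates(100)
    print(f"hash blacklist: {h:.0%}  byte signature: {s:.0%}  stub detector: {g:.0%}")
    print("benign file flagged by stub detector:", structural_detect(b"just a text file"))
```

Run with 100 morphed copies, the hash blacklist catches only the single sample it was built from (1%), the byte signature catches nothing because the marker is never in clear on disk (0%), and the stub detector catches all 100 while leaving an unrelated file alone. Real packers vary the stub too, which is why vendors moved toward emulation and behaviour-based detection rather than ever-longer blacklists.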

Private planes, luxury yachts and all the trappings of wealth are the riches of the malware gold rush. The reason malware exists is financial: the gangs trick users into running their payload and then hold the computer hostage until a ransom is paid. This activity is illegal, but enforcement lags far behind it, and the virus industry is thriving and awash in cash.

The nouveau-riche virus barons treat their business as a business. They have deadlines, program managers, product roadmaps and all the workings of a modern software company. On their roadmap are Mac computers, iPhones, tablets and so on. It is just a matter of time.

About 10 years ago, we were on a similar path. Computers were infected with spyware that tracked activity and blanketed the screen with “contextual” popup advertising. The computer became useless, and trust in the wonders of the Internet was waning. Like today, the major security vendors dropped the ball: people got infected despite having the best security software money could buy. Like today, the software installed surreptitiously, without our consent. A decade ago it was called a drive-by download; today the same delivery happens through exploits of unpatched vulnerabilities.

We survived the storm of 10 years ago. The antispyware industry was born and was ultimately consolidated into the antivirus industry. The most important event, however, was Microsoft’s release of Windows XP Service Pack 2 in 2004. SP2 turned the Windows Firewall on by default, made Internet Explorer prompt before installing ActiveX controls instead of installing them silently, and added Data Execution Prevention; together these shut down the drive-by download. With one fell swoop, Microsoft stopped the spyware storm. XP SP2 was not bulletproof; it just made infection a lot more difficult. So difficult, in fact, that firms such as WhenU and Gator were no longer financially viable.

We are at a crossroads. Like a decade ago, will the people triumph over the criminals who make viruses today? Unfortunately, Microsoft has lost its focus on making a great and secure operating system. A solution will arise, and it will be free, as XP Service Pack 2 was, so that adoption is quick. I hope the criminals won’t know what hit them, and that the bankers can then foreclose on those ill-gotten mansions.


25 thoughts on “The Malware Storm”

  1. I found that the free version of Malwarebytes Anti-Malware discovered and removed a threat my free AVG Anti-Virus missed. I was running the Windows Malicious Software Removal Tool (free as well), but it only updates once a month. I recommend the paid version of AVG, which can be set to update every 4 hours and run a quick post-update scan, in conjunction with Malwarebytes, which you can update each time before you run it.

  2. I am tired of this virus game. I would like to see someone write a program that would reside on the computer and report every virus it found as such: “Virus (named) came from (other computer name)”. Then the program would be transmitted back to the origin computer, reporting that the virus came from that origin. Send the info to the authorities to help put a stop to it. IT IS TIME TO FIGHT BACK……

  3. Yes, I disabled Java. Too bad the internet has become so full of traps. I have been plagued with phone calls from India wanting to fix problems with my computer.
    Also, at least two friends of mine have had their contact lists scammed, resulting in requests for help.
    I always keep a backup on an external hard drive. If I can’t fix a problem, I can download a working backup.

  4. I would like to say this!

    If a tyre was made that never wore out, all tyre companies would go broke!

    Virus companies possibly employ coders for their own existence.

  5. Both Kaspersky and Avast have some form of sandboxing that creates a virtual browser for surfing the net. These have proven to be effective for my clients. Other vendors may be on board with this technology; not sure which ones.

  6. Much ado about nothing! Common sense computing and simple protective measures that we all should know about will take care of most of these “problems”.

  7. Soooo… how many of you have turned off Java? I would be interested in knowing. I read the article and read it again; the writer of the article does not indicate whether he shut off Java or not. Seems like a scare article. Funny that PC Pitstop sells their own virus and malware protection…

  8. Anything that morphs should be quarantined, backtracked to its source and deleted. It costs time and money, but so does malware.

  9. My Norton Security refused to load on 1-23-13 on the morning initial boot. The Norton guys were great; ended up doing a complete R&R! Massive download: 40 meg of upgrades in two days! It’s nuts, man. Great article. Deleted Java as well. It’s stupid that these crooks are not being tracked down and prosecuted. As the article says, money talks. Sad state of affairs.

  10. M H, you are just fortunate, plain and simple. Many of these attacks come from compromised websites, which can easily be the ABC News site or any other site the hackers have chosen to infect. Just as the article states, a known good website today may NOT be tomorrow. The instant you connect with a page from a compromised site, your PC is infected. Gone are the days when you were only asking for infections if you frequently browsed porn sites or downloaded pirated software. I know people who looked up a recipe on the Food Network and got infected until their webmaster discovered the infection; in the meantime thousands of users were infected in a short time. I remove malware from PCs on a daily basis, and they have had so-called protection installed using paid-for subscriptions from Symantec, Kaspersky, McAfee, Bitdefender and Vipre, as well as all of the free AVs available, just to name a few, so I can tell you that none of them protected those PCs at all. Further to this, many of these AVs were not even aware an infection was present on the system. I repeat, you are just lucky that you have not been infected.

    • @Bonnie Nitschke Sparks:

      I took Java right out and I haven’t had a problem since. I noticed Java would allow a lot in, and once it was gone and I cleaned my system up, better to do that than “upgrade”. Sad you got some peeps here stating it’s scaremongering; well, have fun fixing your machines lol

  11. I don’t know what you guys are doing with your computers, ’cause nothing is bothering me at all. Maybe people should stop downloading pirated junk… That’s what I do very little of; I bet it’s the answer…

  12. Hi, I enjoyed the article, very revealing to me – not a well versed computer person. I uninstalled Java a few weeks ago, but have the free home version of the “avast!” antivirus for some years and it pleases me to see how many times per day it updates its virus definitions, and especially how well it intercepts infected files coming to my computer! Now, I wonder if these interceptions are real? :o)

  13. I was recently hit by one of those viruses, and it was a terrible scare and a mess to fix. I am now afraid to go to any website that I am not purposely going to. I received the warning that I had to pay 300.00 dollars for downloading illegal child pornography or illegal movies. I haven’t done either, and it still makes me think it was for real. I changed all my passwords and finally found help through my cell phone browser. I sincerely hope they do catch them soon.

  14. A simple solution, as far as I can see, is to use a secure Linux OS and a properly set up Firefox, with NoScript, Adblock Plus, etc. added to it and used properly. It takes time to set up white lists and black lists, but I believe it is worth it.

  15. Unfortunately, if you wish to be on the internet, you have to take the bad along with the good. Not every antivirus program out there is going to be able to immediately stop your system from getting infected. Microsoft does provide a free virus scanner and remover for its users if you suspect that your computer has become infected. It has also contracted with Kaspersky to allow its users to use Kaspersky to remove the infection if Microsoft’s program can’t. I’d say overall Microsoft has tried to protect its users as much as it can. The sad fact of the matter is that there are more people out there writing malware and other viruses than Microsoft or any antivirus developer can keep up with.

  16. Not sure that Microsoft has ‘lost its focus’. Consider now that the latest version of Windows has built-in antivirus already installed out of the box. It is no longer necessary to add or bolt on any third-party software for basic built-in security. Microsoft can’t do everything, though; they have had to remove Java and provide alternative browser links to third-party vendors for ages to ensure they meet competition laws. Let’s hope they don’t have to do that as well with Defender. Things have to move on, using technologies like UEFI and applications that can only be installed through a vetted Store. Most problems are PEBKAM. As long as end users hang on to obsolete technologies like XP, their risk element becomes more than a ‘responsibility’. Microsoft have also acted to put things right by taking down botnets. Just look at the amount of work deployed within Windows Update. (That is there if you ‘want’ to use it.)
