The Malware Storm


The US Department of Homeland Security advised last week that users disable Java. This is unprecedented. The government felt a computing problem was so severe that it must intervene. Java is a real and present threat to not only our national security but our computers, privacy and wallets. The DHS has no motivation to sow misinformation or fear, and they should be heeded.

Virus writers are having a field day. A new industry has blossomed around exploit kits. Talented programmers sell their kits for $3000 a pop to help fellow malware writers deliver their payloads more effectively.

An exploit locates out-of-date software and uses it to run the payload without the user's consent or knowledge. To be clear: just browse to a compromised web site, and you are infected. Malware coders have also become quite competent at infecting random web sites, so a good web site today might be an infected one tomorrow.

Researchers estimate that over half of all infections come through a single kit called the Black Hole Kit. It is not possible for a layperson to obtain the Black Hole Kit, but research indicates that Black Hole's primary target is Java.

Late in 2012, the NY Times published a controversial piece questioning the effectiveness of modern antivirus software. The shocking conclusion was that, after an exhaustive analysis of over 40 antivirus products, there was only a 5% chance of detecting and defeating a new threat. That is, even if a computer had 40+ antivirus products running simultaneously, there would be a scant 5% chance that the computer was safe from new threats.

The security industry’s response was quick and critical. The motivation, methodology and veracity of the report were questioned. One particularly seething rebuttal discredited the piece and concluded that people should spend as much as they can afford on multiple security solutions.

Ironically, the security industry is doing fine financially. In fact, it's a bonanza. As infections rise, we spend more money on security software, as well as on hiring technicians to remove the malware from our computers.

Security software detects and blocks malware using a technique called blacklisting. Once a virus is released into the wild, it begins infecting computers. During the infection period, a security company captures the virus. The virus is tested, confirmed, and then added to the blacklist. Once it is on one blacklist, the other security vendors' blacklists are updated. As that happens, infections by that particular virus begin to decline, and eventually it dies out.

Polymorphic viruses have caused an explosion in viruses.

Malware makers have found a hole in the blacklist methodology through a technique called morphing. Once a virus is written, it morphs, so that one virus appears to antivirus software as thousands of different viruses. Polymorphic viruses have created an explosion in malware. There is now more bad software than good software!

The morphing has created a headache for the security industry. The daily number of viruses to be analyzed has exploded. This is a manual process, and many of the security heavyweights have created malware research centers in the Philippines to keep up with the spike in malware. The problem, though, is that they have forgotten that these viruses are morphing. By the time a virus has been identified and the blacklist updated, that virus is no longer in the wild.
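The weakness described in the last three paragraphs is easy to see in code. The following Python script is an added illustration, not code from the original article or from any vendor: it builds a blacklist of exact SHA-256 hashes, the way a signature update records an analysed sample, and then checks it against copies of the same sample whose bytes differ slightly from one copy to the next (a stand-in for morphing; the "samples" are constructed byte strings, not real programs). It also shows the opposite policy, a default-deny allowlist of vetted programs, which does not care how many variants exist because it never tries to enumerate bad software. All sample data, names and hash sets here are constructed for the example.

```python
import hashlib

# Constructed stand-ins for files on disk. These are plain byte strings,
# not real programs; only their hashes matter for the demonstration.
KNOWN_BAD = b"constructed-sample-payload-v1"
TRUSTED_APP = b"constructed-vetted-application"
UNKNOWN_APP = b"constructed-unvetted-but-harmless-tool"


def sha256(data: bytes) -> str:
    """Hex SHA-256 of a byte string, the usual key in a signature database."""
    return hashlib.sha256(data).hexdigest()


# Blacklist: hashes of samples that have already been captured and analysed.
# A signature update adds one entry per analysed sample.
BLACKLIST = {sha256(KNOWN_BAD)}

# Allowlist: hashes of programs an organisation has vetted in advance.
ALLOWLIST = {sha256(TRUSTED_APP)}


def morph(sample: bytes, variant: int) -> bytes:
    """Stand-in for morphing: the same sample with a per-copy tag appended.

    Real polymorphism rewrites the program itself; for a hash-based
    blacklist the effect is the same, so a trailing counter is enough
    to show it.
    """
    return sample + b"\x00" + variant.to_bytes(4, "big")


def blacklist_verdict(sample: bytes) -> str:
    """Blacklist policy: block only what has been seen before."""
    return "block" if sha256(sample) in BLACKLIST else "allow"


def allowlist_verdict(sample: bytes) -> str:
    """Default-deny policy: allow only what has been vetted."""
    return "allow" if sha256(sample) in ALLOWLIST else "block"


def blocked_count(samples, verdict_fn) -> int:
    """How many of the given samples a policy blocks."""
    return sum(1 for s in samples if verdict_fn(s) == "block")


def update_blacklist(sample: bytes) -> None:
    """Simulate a vendor adding one captured variant to the signature feed."""
    BLACKLIST.add(sha256(sample))


if __name__ == "__main__":
    variants = [morph(KNOWN_BAD, i) for i in range(1000)]

    print("original sample, blacklist:", blacklist_verdict(KNOWN_BAD))
    print("1000 morphed copies blocked by blacklist:",
          blocked_count(variants, blacklist_verdict))
    print("1000 morphed copies blocked by allowlist:",
          blocked_count(variants, allowlist_verdict))

    # A vendor captures variant 0 and ships a signature; variant 1 still
    # passes, which is the lag the article describes.
    update_blacklist(variants[0])
    print("variant 0 after update:", blacklist_verdict(variants[0]))
    print("variant 1 after update:", blacklist_verdict(variants[1]))

    # The allowlist's cost: software nobody has vetted is blocked too.
    print("unvetted tool under allowlist:", allowlist_verdict(UNKNOWN_APP))
```

Running the script shows the blacklist catching the original sample and none of the 1000 morphed copies, while the allowlist blocks all of them. The last line shows the trade-off the article's "prevent them" stance implies: a default-deny policy also blocks harmless software until someone vets it, so it shifts work from analysing malware to approving legitimate programs.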

Private planes, luxury yachts and all the trappings of wealth are the riches of the malware gold rush. The reason malware exists is financial. Its makers trick users into downloading their payload, then hold the computer hostage until a ransom is paid. This type of activity should be illegal, but the virus industry is thriving and awash in cash.

The nouveau riche virus barons are treating their business as a business. They have deadlines, program managers, product roadmaps, and all the workings of a modern software company. On their roadmap are Mac computers, iPhones, tablets and so on. It is just a matter of time.

About 10 years ago, we were on a similar path. Computers were infected with spyware that tracked activity and blanketed the screen with "contextual" popup advertising. The computer became useless, and trust in the wonders of the Internet was waning. Like today, the major security vendors dropped the ball. People were getting infected despite having the best security software money could buy. Like today, the software installed surreptitiously without our consent. A decade ago, it was called drive-by downloads; today it is called exploits and vulnerabilities.

We survived the storm of 10 years ago. The antispyware industry was born and ultimately consolidated into the antivirus industry. The most important event, however, was Microsoft's launch of XP Service Pack 3. XPSP3 eliminated drive-by downloads and added a host of new security features. In one fell swoop, Microsoft stopped the spyware storm. Windows XPSP3 was not bulletproof; it just made infection a lot more difficult. So difficult, in fact, that firms such as WhenU and Gator were no longer financially viable.

We are at a crossroads. As a decade ago, will people triumph over the criminals who make viruses today? Unfortunately, Microsoft has lost its focus on making a great and secure operating system. A solution will arise, and it will be free, like XP Service Pack 3, for quick adoption. I hope the criminals won't know what hit them, and then the bankers can foreclose on those ill-gotten mansions.
