Malicious Software Continues to Grow

Stephen DeAngelis

March 28, 2008

It has been a while since I posted a blog about malicious software. A recent Washington Post article, however, caught my eye [“Firms Struggle Against Web Viruses,” by Brian Krebs, 20 March 2008]. The statistics it provided are staggering.

“The number of malicious software programs vying to take up residence on unsuspecting computer users’ hard drives has quadrupled in the past two years, according to security experts.”

A quadrupling of malicious programs wouldn’t be so disturbing if they had gone from 2 programs to 8, but as every computer user knows, there have been hundreds of thousands of worms, viruses, and Trojan horses created in the past.

The growth has set off alarms at security firms, which say that identifying viruses has become more time-consuming and expensive.

“About 5.5 million malicious software programs were unleashed on the Web last year, according to AV Test Labs, a German company that measures how quickly and accurately antivirus products detect malicious software, also known as malware. That number has increased by four times since 2006 and by at least 15 times since 2005, according to the company. In the first two months of 2008, AV Test found more than 1 million samples of malware spreading online. ‘Back in 1990 we were seeing a handful of new viruses each week,’ said David Perry, global director of education for Trend Micro, an antivirus company in Japan. ‘Now, we’re having to analyze between 2,000 and 3,000 new viruses per hour.’ Much of the malware harvests financial and personal data, which is sold to groups that turn the information into cash through identity fraud. Cyber criminals also use infected machines to anonymously attack others, relay junk e-mail or host fraudulent Web sites advertised through spam.”

The biggest difference between today’s viruses and those in the past is the motivation behind those creating them. When viruses were first introduced, they were intended to crash computers, wipe out data, and cause all sorts of mischief. People knew they were infected because bad things happened. Today’s viruses are meant to go undetected. Their creators work hard to ensure that host computers continue to run without interruption or interference so that they can remain zombies.

“The proliferation of viruses and other malware has forced the antivirus industry to change how it writes software and to make its products far more powerful and sophisticated. The challenge, security experts say, is that criminal groups responsible for manufacturing most of the malicious software are investing profits in research and recruiting talented computer programmers. A special emphasis is placed on creating malware that exists peacefully with infected computer systems, doing its work quietly in the background. ‘A lot of these shops are now hiring professionals and doing quality assurance work, things that generally make the job of the antivirus researcher that much harder,’ said Randy Abrams, director of technical education at ESET, an antivirus company in Slovakia. Malware writers are increasingly taking steps to ensure that computers infected with their creations stay infected, according to security researchers. In the past, no matter how quickly an antivirus product shipped updates to detect the most recent malware, most antivirus software would eventually sound the alarm if a virus managed to slip past its initial defenses. But more of today’s cyber criminals are continuously updating the malware they have managed to install on victims’ computers, replacing older malicious files with new ones to keep them hidden.”

The article concludes with a caution that once a computer is infected, the only remedy may be completely reinstalling the operating system from scratch.

“For many users, some of the most tenacious intruders cannot easily be removed without reinstalling operating systems. Reinstalling isn’t such a huge hassle for businesses, which tend to keep user-generated data files in separate digital storage. ‘A lot of today’s infections are extremely difficult for the average user to remove completely,’ said Don Jackson, senior security researcher for SecureWorks, an Atlanta security firm. ‘You can see the evidence of that by the number of people desperately posting to various security self-help sites.’ Experts say PC users shouldn’t depend on antivirus software to save them from risky online behavior, such as clicking on Web links in unsolicited e-mail and instant messages. Rather, they say, antivirus should be part of a layered security approach that includes using a firewall to keep out unwanted Internet traffic and applying software updates for Microsoft Windows and third-party software — particularly popular programs used to display documents or play audio and video files.”

Ever vigilant — that should be the motto of anyone who surfs the net or uses email. As president and CEO of a growing business, I know how much effort my IT team puts into trying to protect our network from malware. Like most IT staffs, they continually plead with employees not to do dumb things online. With 3000 new viruses an hour coming your way, even vigilance may not be enough.