Q&A: Malware Trends
by Mirko Zorz - Monday, 23 February 2009.
Marc Fossi manages research and development for Symantec Security Response where his primary role is executive editor of the Symantec Internet Security Threat Report. The Internet Security Threat Report offers analysis and discussion of Internet threat activity over a six-month period and covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks, as well as future trends.

Can you give us an idea on the amount of malware Symantec analyzes on a daily basis?

Well, I can say that according to our ISTR XIII we detected 499,811 new malicious code threats in just the first half of 2007, and that number doesn't include adware, spyware or misleading apps.

What are currently the most insidious types of malware?

I would say certain Web-based malware would populate that category. In 2008, we observed the Web become the primary conduit for attack activity. In 2009, as the number of available Web services increases and as browsers continue to converge on a uniform interpretation standard for scripting languages, we expect the number of new Web-based threats only to increase.

Based on your research, what kind of outlook can we look forward to in 2009 when it comes to malicious code?

In addition to the increase in advanced Web-based attacks, we think the economic crisis will be the basis of many new attacks. This will include, of course, phishing attacks, but attacks may also exploit other types of fraudulent activity such as around economic issues including e-mails that promise the ability to easily get a mortgage or refinance.

We also expect to see attacks propagated through social networking sites to increase. We expect an upgrade in spam to the use of proper names, sophisticatedly segmented according to demographic or market. The upgraded spam will resemble legitimate messages and special offers created from personal information pulled from social networks and may even appear to come from a social networking "friend." Once a person is hit, the threat can easily be spread through their entire social network.

How big of a problem are fake anti-malware solutions?

They're a big concern right now. These so called "scareware" applications make promises to secure or clean up a user's computer, but in reality are installed along with a Trojan horse program, produce false or misleading results and often hold the affected PC hostage until the user pays to remedy the pretend threats. Even worse, they can sometimes be used as a conduit through which attackers install other malicious software onto the victim's machine. The best way to avoid becoming a casualty of one of these misleading applications is to use only antimalware software from an established and reputable security company.

What upcoming malware distribution techniques should we be on the lookout for?

Well, attackers have shifted away from mass distribution of a small number of threats to micro distribution of large families of threats. These new strains of malware consist of millions of distinct threats that mutate as they spread rapidly as a single, core piece of malware.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th