Q&A: Malware threats, Windows 7 and cyber crime

by Mirko Zorz - Tuesday, 27 October 2009.

Bo Olsen is a Malware Researcher at Kaspersky Lab Americas. In this interview he discusses new malware threats, the problems the anti-malware industry faces today, Windows 7 and organized crime.

The last few years have seen an explosion of new malware threats. What new malware analysis tools and techniques have appeared and what do you expect to be using more in the next few years?

In the last few years there haven't really been any new or groundbreaking techniques in general, and in anti-malware tools specifically. Instead, we have focused mostly on improvements to existing tools to enable them to scale better. If you look at some of the tools available to the public, take IDA for example, it simply doesn't scale to 30,000 samples a day. Also, malware analysis has evolved to better accommodate the volume of threats we see. As the threats become more sophisticated we are finding new ways to apply conventional methods to analyze complex malware. One area the anti-virus industry really needs to devote some research cycles is how to combat virtual machine based obfuscators, such as Code Virtualizer or VMProtect. Detecting malware protected with these obfuscators is generally not the problem, the real issue becomes understanding what the malware actually does, such as with Clampi/Ilomo.
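
To make concrete why a virtual-machine-based obfuscator defeats the usual "disassemble and read" workflow, here is a toy version of the technique as an added example. It is constructed for this page and is not code from Kaspersky, from the interview, or from Code Virtualizer or VMProtect; the instruction set, opcode values and the protected routine (a rolling-XOR decode loop) are all made up. The point it shows is the one Olsen makes: the native code a disassembler sees is only the interpreter, which is identical for every protected routine, so detecting the protector is easy while recovering what the bytecode does requires executing or emulating the handlers and reading the trace.

```python
# Toy VM-based obfuscator (constructed example, not any real product's design).
# The protected routine exists only as bytecode for a private ISA; a static
# disassembler sees just run_vm(), which looks the same whatever it protects.

# Opcode values are arbitrary; a real protector would pick fresh ones per build.
MOVI, LDB, STB, XOR, ADDI, JNZ, HALT = 0x91, 0x3C, 0x7E, 0x05, 0xA8, 0x52, 0xFF
NAMES = {MOVI: "MOVI", LDB: "LDB", STB: "STB", XOR: "XOR",
         ADDI: "ADDI", JNZ: "JNZ", HALT: "HALT"}
WIDTH = 3  # fixed encoding: opcode, operand a, operand b


def run_vm(bytecode, mem, trace=None):
    """Interpret `bytecode` over the bytearray `mem` with four 8-bit registers.
    If `trace` is a list, every executed instruction is appended to it; that
    dynamic record is what an analyst uses to recover the routine's meaning."""
    r = [0, 0, 0, 0]
    pc = 0
    while True:
        op, a, b = bytecode[pc], bytecode[pc + 1], bytecode[pc + 2]
        if trace is not None:
            trace.append((pc, NAMES[op], a, b))
        pc += WIDTH
        if op == MOVI:      # r[a] = b
            r[a] = b
        elif op == LDB:     # r[a] = mem[r[b]]
            r[a] = mem[r[b]]
        elif op == STB:     # mem[r[a]] = r[b]
            mem[r[a]] = r[b]
        elif op == XOR:     # r[a] ^= r[b]
            r[a] ^= r[b]
        elif op == ADDI:    # r[a] = (r[a] + b) mod 256
            r[a] = (r[a] + b) & 0xFF
        elif op == JNZ:     # if r[a] != 0: pc = b (absolute)
            if r[a] != 0:
                pc = b
        elif op == HALT:
            return mem
        else:
            raise ValueError(f"bad opcode {op:#x} at {pc - WIDTH}")


def build_decoder(n, key, step=7):
    """Bytecode for an in-place rolling-XOR decode of n bytes at address 0.
    R0 = pointer, R1 = current key, R2 = bytes remaining, R3 = scratch."""
    assert 0 < n < 256
    return bytes([
        MOVI, 0, 0,          # 0:  R0 = 0
        MOVI, 1, key & 0xFF, # 3:  R1 = key
        MOVI, 2, n,          # 6:  R2 = n
        LDB,  3, 0,          # 9:  R3 = mem[R0]        <- loop top
        XOR,  3, 1,          # 12: R3 ^= R1
        STB,  0, 3,          # 15: mem[R0] = R3
        ADDI, 0, 1,          # 18: R0 += 1
        ADDI, 1, step,       # 21: R1 += step (rolling key)
        ADDI, 2, 0xFF,       # 24: R2 -= 1 (add 255 mod 256)
        JNZ,  2, 9,          # 27: if R2 != 0 goto 9
        HALT, 0, 0,          # 30
    ])


def protected_decode(buf, key, step=7):
    """The obfuscated routine: decode `buf` by running the bytecode in the VM."""
    return bytes(run_vm(build_decoder(len(buf), key, step), bytearray(buf)))


def plain_decode(buf, key, step=7):
    """The same routine written directly: this is what the analyst must recover."""
    return bytes(b ^ ((key + step * i) & 0xFF) for i, b in enumerate(buf))


def trace_decoder(buf, key, step=7):
    """Run the protected routine with tracing on and return the executed
    instruction list (pc, mnemonic, a, b)."""
    trace = []
    run_vm(build_decoder(len(buf), key, step), bytearray(buf), trace)
    return trace


def recovered_ops(buf, key, step=7):
    """Distinct handler mnemonics in first-seen order. Bytes of bytecode look
    like data to a signature; only the trace exposes the load/XOR/store loop."""
    return list(dict.fromkeys(m for _, m, _, _ in trace_decoder(buf, key, step)))


# Constructed sample: b"hello" encoded with key 0x5A, step 7.
CIPHERTEXT = bytes([0x32, 0x04, 0x04, 0x03, 0x19])

if __name__ == "__main__":
    print(protected_decode(CIPHERTEXT, 0x5A))   # b'hello'
    print(recovered_ops(CIPHERTEXT, 0x5A))      # the loop body, recovered dynamically
```

Run it and compare the two views: a byte signature can fire on the fixed handler table in `run_vm` (the "detecting is not the problem" half), but nothing in the bytecode itself reads as an XOR loop until the handlers are executed or emulated and the trace is examined, which is the per-sample effort that does not scale.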
Writing malware for bragging rights seems dead. Nowadays cyber criminals chase the money and have a lot of it to invest in developing new areas of attack. How can the anti-malware industry keep pace with them?

The criminals are indeed investing money into their business, but so far the results are mainly a huge increase in the number of threats. So the question for the security industry is how to protect users from as much malware as possible. I am not sure if the anti-malware industry can keep pace with regards to signature creation, or if it is even worth keeping pace. We receive about 30,000 new malware samples a day and we create around 3,500 signatures daily, an astronomical figure. If the industry were to try and write manual signatures for each of these infections it would be impossible to keep up. Therefore, instead of depending on signatures, the best approach is to make good use of heuristic detections and leverage other forms of behavior based protections.
