Is there an upcoming malware menace we haven't realized yet, but should be on the lookout for?
There is a menace -- it's the global economy of malware developers and users. There is a great deal of money involved and the criminals who build and disseminate malware are multiplying. Malware is also going to evolve and propagate to new mediums. For example, USB thumbdrive-infecting malware is standard now, and there are already a few smart phone viruses out there banging around. As high-speed networking components and wireless technologies become more prevalent, itís only going to get worse. Malware is also working itself deeper into the system than ever before. Last year new forms of BIOS infecting malware appeared that can even survive 100% wipe and reinstallation of the operating system. Hypervisor technology was barely out of the virtual box and it already had malware variants waiting for it. It is safe to say going forward that if a hot new technology CAN be used by malware, it WILL be used to house, hide, or facilitate malware.
How has virtualization changed the way researchers analyze malware?
Virtualization makes it much easier and much more feasible to analyze malware. Virtualization has essentially given birth to an age of runtime analysis of malware. In the pre-virtualization days you really only had two choices: First, you could analyze a piece of malware "statically," which means you load an on-disk copy of the virus or malware into a disassembler tool and look at the code that WOULD run if you did execute it. Second, you could run the suspected virus code -- thereby infecting your computer with the virus which is also non-ideal for obvious reasons.
Fortunately we now live in a world where fast, viable, virtualization of an entire Windows operating system is possible. This advance has opened the door for a whole new class of automated runtime analysis tools that instrument and collect data on a REAL, RUNNING copy of the suspected malware package. This is especially important when you consider that today many malware packages are "packed" or self-decompressing, making them all but impossible to analyze using traditional, static, non-runtime-based techniques.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.