Latest news
Darwin's theory applies to malware
Posted on 20.09.2012
G Data’s new malware report shows a new and unexpected development in malware: the extreme growth of new malicious programs seems to be slowing down.
Granted, the antivirus industry still needed to develop 1,381,967 new virus signatures to detect and block all new malware in the first semester of this year, which is an all time high. But the number is not as high as was to be expected: the figure is only marginally bigger (3.9%) than the 1,330,146 new malware types that were found in the semester before that.
This does not give anyone any reason to be relieved. The new malware that appeared this year has been the smartest code yet, suggesting an evolution similar to Darwin’s evolution theory.
Over the past ten years, security experts have become used to seeing extreme growth in new malware types.
“Clearly more and more time was spent worldwide on writing malicious code to infect computers all over the world. Writing malware seemed to have become an easy trade to make some good money. But, at the same time, potential victims all over the world smartened up and weren’t as easily fooled anymore. This seems to have its effect on the malware writing profession now. Only the smarter malware writers, who manage to change their way of working along with the changing circumstances seem to be surviving economically,” says Eddy Willems, Security Evangelist at G Data. “Adapting quickly to survive the changing circumstances is pretty much the definition of Darwin’s evolution theory.”
A good example of smarter malware is a modern banking Trojan. In the report the evolution is explained: “Most past attack schemes were relatively simple. For example, when a victim logged into online banking, he was prompted to enter a large number of TANs, which were then forwarded to the attacker."
"Newer methods are more sophisticated: In so-called Automatic Transfer System (ATS) scheme, the entire theft takes place without customer interaction. Account balances and lists of transactions are also manipulated in such a way that the victim does not notice the theft.”
Another example can be found with malware for Android: “In the year 2011, most of the malware for mobile devices that was circulated still focused on the quick buck […] and could mainly be found on websites or on third-party markets.
2012 marked the appearance of completely reprogrammed or even new original apps that provided the full scope of functions advertised but also contained the hidden malicious functions. This had the effect that even the official Google Play Store could distribute malware for several days or even weeks before it was discovered.”
The best example of why quality is more important than quantity for malware writers is the Flashback-virus for Apple. “In the first half of 2012, there have been only a few viruses for Mac OS. In fact, there were fewer new threats for Apple this semester, than there were in the two previous semesters. But one high quality virus, Flashback, did the trick. It infected more Apple machines (well over 600,0000) than have ever been infected before,“ says Eddy Willems.
The analysts at G Data SecurityLabs think the growth number of malicious programs will stabilize completely, but the quality of the malware will rise even further. Eddy Willems: “I suspect we will be looking at 2.5 to 3 million new threats every year from now on. Quality will triumph over quantity in the underground economy. It has to, because people are understanding the online dangers better and are getting more cautious every day. In order to be successful as a malware writer, more time and thought needs to be put into creating even more deceitful and conniving schemes. And we, as part of de AV industry, have our work cut out for us.”
Granted, the antivirus industry still needed to develop 1,381,967 new virus signatures to detect and block all new malware in the first semester of this year, which is an all time high. But the number is not as high as was to be expected: the figure is only marginally bigger (3.9%) than the 1,330,146 new malware types that were found in the semester before that.
This does not give anyone any reason to be relieved. The new malware that appeared this year has been the smartest code yet, suggesting an evolution similar to Darwin’s evolution theory.
Over the past ten years, security experts have become used to seeing extreme growth in new malware types.
“Clearly more and more time was spent worldwide on writing malicious code to infect computers all over the world. Writing malware seemed to have become an easy trade to make some good money. But, at the same time, potential victims all over the world smartened up and weren’t as easily fooled anymore. This seems to have its effect on the malware writing profession now. Only the smarter malware writers, who manage to change their way of working along with the changing circumstances seem to be surviving economically,” says Eddy Willems, Security Evangelist at G Data. “Adapting quickly to survive the changing circumstances is pretty much the definition of Darwin’s evolution theory.”
A good example of smarter malware is a modern banking Trojan. In the report the evolution is explained: “Most past attack schemes were relatively simple. For example, when a victim logged into online banking, he was prompted to enter a large number of TANs, which were then forwarded to the attacker."
"Newer methods are more sophisticated: In so-called Automatic Transfer System (ATS) scheme, the entire theft takes place without customer interaction. Account balances and lists of transactions are also manipulated in such a way that the victim does not notice the theft.”
Another example can be found with malware for Android: “In the year 2011, most of the malware for mobile devices that was circulated still focused on the quick buck […] and could mainly be found on websites or on third-party markets.
2012 marked the appearance of completely reprogrammed or even new original apps that provided the full scope of functions advertised but also contained the hidden malicious functions. This had the effect that even the official Google Play Store could distribute malware for several days or even weeks before it was discovered.”
The best example of why quality is more important than quantity for malware writers is the Flashback-virus for Apple. “In the first half of 2012, there have been only a few viruses for Mac OS. In fact, there were fewer new threats for Apple this semester, than there were in the two previous semesters. But one high quality virus, Flashback, did the trick. It infected more Apple machines (well over 600,0000) than have ever been infected before,“ says Eddy Willems.
The analysts at G Data SecurityLabs think the growth number of malicious programs will stabilize completely, but the quality of the malware will rise even further. Eddy Willems: “I suspect we will be looking at 2.5 to 3 million new threats every year from now on. Quality will triumph over quantity in the underground economy. It has to, because people are understanding the online dangers better and are getting more cautious every day. In order to be successful as a malware writer, more time and thought needs to be put into creating even more deceitful and conniving schemes. And we, as part of de AV industry, have our work cut out for us.”
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
