More Work Ahead

F-Secure reports amount of malware grew by 100% during 2007
by: Jerry Liao

In its 2007 data security summary, F-Secure reports a steep increase in the amount of new malware detected during 2007. In fact, the number of cumulative malware detections doubled during the year, reaching half a million. This indicates that network criminals are producing new malware variants in bulk.

“We’ve never seen as many samples arrive to our labs”, says Mikko Hypponen, Chief Research Officer at F-Secure Corporation. “We would be unable to handle such huge sample loads if we had not built a high degree of automation into our malware analysis systems over the past years”, he continues.

While no truly new malware technologies were seen, the existing ones were refined and adapted for much greater effectiveness. Social engineering remains a key method for propagating malware, and more productive malware development tools and kits are increasingly used by the criminals.

One example of a refined technology was the “Storm Worm” botnet. The successful social engineering methods the Storm gang used during the first half of 2007 were further developed in the second half of the year. The technical setup of the Storm botnet is also unique: in addition to using a novel peer-to-peer setup to avoid a single vulnerable central point of control, the botnet is also capable of using DDoS attacks to retaliate against anti-virus researchers investigating it. Such aggressive behavior from the botnet makes it necessary for researchers to use caution in their work, especially as the potential computing power of the Storm botnet is quite significant.

Understandably, financial transactions remain a favorite target for network crime. The number of phishing sites continues to increase, but as bank customers have become more aware of this threat, the criminals have started employing more sophisticated techniques. One example of this is banking trojans that use methods such as injecting themselves directly into the browser application (Man-in-the-Browser attacks).

Other growing data security phenomena during 2007 included parasitic behavior, like the Zlob DNSChanger, and increasing exploit activity against Apple products, including Macs, iTunes and the iPhone. The vulnerability of large databases containing personal data has also become an issue, with several major leaks reported during the year involving tens of millions of records such as credit card numbers or bank account information. Such leaks enable so-called “spear phishing” attacks built on very well targeted information. The increased popularity of social networking services carries similar risks.

On the mobile security front, Symbian S60, as the most popular smartphone platform, has done a good job of curbing malware with its 3rd edition software. Nevertheless, we continue to see spy-tools for the Symbian S60 3rd edition platform. Despite the fairly tightly controlled Symbian signing process for applications, spy-tools are able to get through the process by being submitted as, e.g., “back-up” software. The increasing popularity of “unlocking” the security controls of both iPhone and Symbian phones is also introducing increased risks for the unlocked phones.

F-Secure predicts the increase in malware volume will continue in 2008. The criminals are successfully creating a network-based underground ecosystem, trading malware development tools, skills, capabilities and resources ever more effectively. At the same time, the reach of law enforcement agencies remains limited in the global network domain. 2008 will be a challenge of endurance.
