## Friday, June 6, 2008

### Malware Trend in 2007

I read the report IBM Internet Security System X-Force 2007 Trend Statistics. This is a report describing trends for various threats in 2007. This team has been tracking trends since 2000. I found the report to be quite interesting. In the rest of this post, I highlight some of the interesting points from the report and what they mean in the context of malware detection.

(I) The X-Force team reports continued growth in Web browser exploitation. This clearly shows that the infection vector is changing to the Web. Earlier the primary infection vectors were email and the network. Therefore, for detecting malware, drive-by downloads (DBD) and other threats targeted at hacking through the Web browser need a lot of attention.

(II) X-Force also reports a marked increase in obfuscated exploits, i.e., exploits that use various code obfuscation techniques (such as encryption). Here is a quote: "X-Force estimated that nearly 80 percent of Web exploits used obfuscation and/or self decryption ... By the end of 2007, X-Force believed this rate had reached 100 percent, ...". This means that going forward, Web exploits will increasingly harbor indiscernible code, rendering signature-based techniques less effective. Advanced techniques (such as behavior-based detection) are clearly needed to detect such malware. To exacerbate the situation, the X-Force report stated that there was a 30% increase in new malware samples in 2007 over 2006. This further drives home the point that signature-based detectors will have trouble keeping up with the number of malware samples, as they cannot detect new threats.

(III) There was another very interesting point made by the report. Modern malware uses features from various types of classic malware (such as viruses, worms, and spyware) by pulling the successful features of each into new strains. To quote the report, "Modern malware is now the digital equivalent of the Swiss Army knife, and 2007 data continues to support this." This trend also indicates that the behavior of malware is becoming more sophisticated, which again supports my claim that detection techniques based on analyzing behavior are better suited to handle malware of the future. Another interesting tidbit from the report: "Trojans make up the largest class of malware in 2007 as opposed to downloaders, which were the largest category in 2006." Recall that a Trojan appears to be a legitimate file with some hidden functionality (for example, that of a rootkit). Trojans are historically a problematic class of malware for signature-based detection.

Overall, I found the report to be very interesting. Read it for yourself. You can find the report here.
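To make point (II) concrete, here is a small added illustration (my own sketch, not code from the post or from the X-Force report) of why a byte signature stops matching once a script is wrapped in a self-decrypting stub, while rules written over observed behavior keep firing. The script fragment, the XOR wrapper, the sandbox trace and the rule names are all constructed for the demo; the "payload" does nothing, and the trace is a hand-written list of the events a monitor would log while a page runs, not output from a real sandbox.

```python
"""Toy comparison of signature-based and behavior-based detection.
Every sample and trace below is constructed for illustration."""
import re

# --- 1. Signature-based detection -------------------------------------------
# Constructed, inert script fragment that a scanner has a byte pattern for.
PLAIN_SAMPLE = b"<script>writeFile('tmp.exe', data); run('tmp.exe');</script>"
SIGNATURES = {"drop-and-run-script": b"writeFile('tmp.exe', data); run('tmp.exe');"}


def signature_scan(sample: bytes) -> list:
    """Return the names of all byte signatures found verbatim in the sample."""
    return [name for name, pat in SIGNATURES.items() if pat in sample]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest stand-in for the 'self decryption' the
    report describes. Applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def wrap_self_decrypting(sample: bytes, key: int) -> bytes:
    """Hide the sample inside a decoder stub (hypothetical dec() helper).
    The original bytes exist only at run time, so the signature no longer
    matches the file as stored or transmitted."""
    blob = xor_encode(sample, key).hex().encode()
    return b"<script>var k=%d,d='%s';eval(dec(d,k));</script>" % (key, blob)


# --- 2. Behavior-based detection --------------------------------------------
# Constructed sandbox trace: (event, argument) pairs a monitor would record
# while the page runs, independent of how the script bytes were encoded.
SANDBOX_TRACE = [
    ("http_get", "http://example.invalid/ad.js"),
    ("file_write", "C:\\Users\\u\\AppData\\Local\\Temp\\tmp.exe"),
    ("process_create", "C:\\Users\\u\\AppData\\Local\\Temp\\tmp.exe"),
    ("registry_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
]


def behaviour_scan(trace) -> list:
    """Flag behavior patterns in order of occurrence. The rules never look
    at the script bytes, only at what the script did."""
    findings = []
    written = set()          # files the sample has dropped so far
    for event, arg in trace:
        if event == "file_write":
            written.add(arg)
        elif event == "process_create" and arg in written:
            findings.append("drop-and-execute")   # ran something it just wrote
        elif event == "registry_set" and arg.endswith("\\Run"):
            findings.append("persistence-run-key")
    return findings


# --- 3. A static heuristic aimed at the wrapper rather than the payload -----
def opaque_eval_heuristic(sample: bytes) -> bool:
    """True when a long opaque hex literal is handed to eval(): the shape of a
    self-decrypting script, whatever cipher or key was used."""
    literal = re.search(rb"'([0-9a-fA-F]{40,})'", sample)
    return bool(literal) and b"eval(" in sample


if __name__ == "__main__":
    wrapped = wrap_self_decrypting(PLAIN_SAMPLE, 0x5A)
    print("plain   :", signature_scan(PLAIN_SAMPLE))
    print("wrapped :", signature_scan(wrapped))          # signature misses
    print("heuristic on wrapped:", opaque_eval_heuristic(wrapped))
    print("behaviour:", behaviour_scan(SANDBOX_TRACE))   # still detected
```

The static heuristic in part 3 is deliberately crude: it catches the shape of the wrapper, not the payload, and a different encoding (or splitting the literal) would evade it, which is exactly why the trace-based rules in part 2 carry the weight.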

alice said...

Hey, I am a newcomer in the security area. I found your blog quite helpful. Keep writing!
I agree that signature-based methods are less effective for polymorphic viruses. But I am not quite sure how behavior-based detection works. Could you provide some examples?

love said...

THANKS FOR YOUR SHARING~~~ VERY NICE

Many a true word is spoken in jest.

Elvis湘均Kasp湘均 said...

It is easier to get than to keep it.

AlphonseH_Va哲維 said...

A stitch in time saves nine.

Riches serve a wise man but command a fool.

KyungBivo中如 said...

Many a little makes a mickle.

It is easier to get than to keep it.

Learning makes life sweet.

Never put off till tomorrow what may be done today.

Hollis Strong said...

Very nice post. Thanks for sharing this with us. But can you provide some more details about Internet safety?

TEAM SECURITY & HR SOLUTIONS said...

We are providing Security Guard Companies in Delhi, security guard, Security Services, Security Guard Delhi, Security Guard, Security Guards Delhi, Security Delhi NCR. Our service is better than another security company. Visit at http://www.teamsecurity.in

Ross Taylor said...

Excellent and very interesting article, your blog is very helpful for me. Thanks for sharing the information about malware trends. It's less effective for polymorphic viruses. Can you provide some more details about Internet safety? That's more beneficial for me and some other people. Market Data