Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


As Threats Evolve, Defenses Must Adapt



 By: Paul F. Roberts
2005-10-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. As Threats Evolve, Defenses Must Adapt
  2. ' Threats come from different '
  3. ' IT has trouble keeping '

Rate This Article:
Poor Best
As Threats Evolve, Defenses Must Adapt
( Page 1 of 3 )

Swamped by a flood of malicious software and under pressure from customers who want protection from a widening spectrum of threats, anti-virus experts are scrambling for new ways to sniff out the new breed of malicious programs.

Its Monday: time to pay your monthly credit card bill. A tech-savvy consumer, you log on, open your Web browser and surf to MBNA. com, a site run by the bank that issued your card. Once there, you enter your user name and password, access your account, check your last statement, transfer funds, and pay your bill.

Little do you know that a program on your computer that you agreed to install—perhaps without knowing exactly what it did—is silently monitoring your actions, taking snapshots of the pages you visit and forwarding that information to a company that sells market "intelligence" to advertisers. Thats if youre lucky. Worse yet, the program may be an hours-old online banking Trojan that captures your e-banking sessions and sends the information to a compromised server in Brazil or South Korea. And, then ... who knows?

The details of the attacks vary, but one thing is certain: current anti-virus technology provides only sparse protection against the kinds of threats that Internet users face today. For more than a decade, anti-virus software has been a pillar of enterprise security programs. But times are changing.

The explosion of current online threats could unseat traditional anti-virus technology and the companies that sell it from the front lines of computer defenses as users turn to more proactive technologies, experts say.

Resource Library:

Researchers gathered at the recent Virus Bulletin International Conference here have seen malicious-code trends come and go: from the early boot sector viruses passed along on corrupted floppy disks, through early macro viruses that hid in Microsoft Office files, to the advent of sophisticated, self-replicating Internet viruses and worms such as Melissa, Code Red, Blaster and Slammer. But even virus industry veterans admit that the pace of change has quickened. The last two years have brought profound changes to the industry and the work of anti-virus researchers.

"In the old days, you were up against a teenager without a girlfriend, working alone in his bedroom," said Nick FitzGerald, an independent anti-virus researcher based in Christchurch, New Zealand, who has attended the Virus Bulletin conference for the last eight years.

Today, professional criminals have moved in and targeted a critical weakness in many anti-virus programs: their reliance on malicious-code signatures to spot threats. "Even really obsessed [teenagers] only put out new viruses once or twice a week—and they took holidays, too, and had tests to study for," FitzGerald said. "Now you have 18 or 20 new Bagle [worm] variants in 24 hours. Twenty-four or 30 bot [remote control software] variants a day."

Many anti-virus vendors have added heuristic detection to supplement anti-virus signatures, but criminals have responded, using packaging programs to spew dozens of files with different signatures but identical contents. The result is that anti-virus companies cant keep ahead of the tide, FitzGerald said.

According to research by Greg Day, a security analyst at McAfee Inc., based in Santa Clara, Calif., the percentage of medium- and high-risk attacks for which signatures were already in place compared with those attacks for which a signature update was needed has slid dramatically in recent years. Last year, approximately 90 percent of attacks occurred before there was a signature to stop them, compared with fewer than 50 percent in 2002.

Researchers at Kaspersky Lab, a Moscow-based anti-virus company, now receive 5,000 samples of malicious code each month, double what they received one year ago, said Eugene Kaspersky, head of anti-virus research. Kaspersky Labs database of malicious code has grown by 50 percent in the last year, to more than 150,000 records, he said.

More shocking, some 80 percent of the malicious-code samples the company receives are written by online criminals to make money through identity theft or hacking. Just 5 percent are written by immature hackers or "script kiddies," Kaspersky said.

The commercialization and criminalization of the malicious-code-writing community is only one problem facing mainstream anti-virus vendors such as Symantec Corp., McAfee, Trend Micro Inc. and Sophos plc. that are accustomed to battling viruses and worms. Stealth techniques, changing distribution methods, and the blurring lines between malicious programs, spyware and adware are all putting pressure on the anti-virus old guard.

Careless users challenge mobile security. Click here to read more.

Spurred by advancements in techniques for hiding programs, especially on Windows-based machines, an increasing number of malicious programs contain features borrowed from rootkit programs that allow them to evade detection by anti-virus scanning programs.

Kaspersky Lab charted a steady rise in such stealthy programs in the last two years. This year, for instance, 31 examples of stealth malicious software were discovered in April, compared with just eight in January.

By intercepting operating system calls or communications with an operating system kernel, such stealth software hides many of the telltale signs that anti-virus scanners look for, such as executable file names, operating system registry entries and memory processes, according to Kimmo Kasslin, an anti-virus researcher at F-Secure Corp., of Helsinki, Finland, who spoke at the Virus Bulletin conference.

Next Page: Threats come from different sources.





  Reader Comments: As Threats Evolve, Defenses Must Adapt
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}r8qռFsw1E)%[rmy-%ޤn"!c䒔y}AI3ؖnt7F$I KǘYOcSݣ&}$5~M 4I= ˑԫ 9S]MHwW3fcөP/?`᳑(,BaU70vK]Kw@SUؓ[vb䅠1FE8 /5#7J3v' jb'ӤRcfxHx#@XSTHԢfFԴ;gj5[gb=ױ}ǣ# 3E5L֟GB$fŭ0r̳X#vR0wcE[#Uֶe5]~7mgE5'l,R" ?q74Ba% ;E&sؗ#Y֌`F-S4uXUCV(atxlUm8eڳ/&Neם;޾}wQ(Z(^:9~`hiv$CM=듫yظ}  7DUE`R$_::fN{\"x[^jA=Vdڱf1Sd!XI#/Ypri[򓹥}o\tzmotg>ߙekfy 3(ժ?TRJg3B~7uVgۧkU{#gj윶{ GtH  Wh: N\k׷V<ck'^C헩EXCyCm0Mߑj"3?]$ZN.:$'mT[y47Q[h,r$brF,>JAfk7 Jsi)" :sP;J}N(m҄j 9B̼NR49Vϡ蟉$Wm4@r1)6B̄H )Wjt ~^',)|YU>I"E[fO ${3BDȽ`g@qE !\J!=! g|8U%Ke}7pWM]zlNTW꒮2Wb{熷(.ϱǍv"U.۽^]8JjpX.B2iKB0.pԶ7j06R Jװ h2e8l ԰2nБ6_΂@utiSMc|>9ևm'!|Аd mxZ.s3IXn`Nt&hoQy4ڭ,%_ >< )zN==H6(Zχ`jc˦M@B9ǻޚB<Qҡ4|aqjQ?]*~h3-Df>o  9#k M L<ģL~q (~9-WR;C/0tKt k2 'yvwj̟4<3rGֶLoj@~)&](LuΩJJ&k*HX3j-y6yBN{r+ߌO\XbʁZO%XScX`Da Lzb0qm/n$)LaV|\vLg˺VkͲF^ӛA| ~^/ B[+(Y&&ےxmEڠeeLGyK-# IPצ(X+ezdxy62&CŸä 7q=k=0RTȅj#SV+a5sV@@@7h ,؂riz6<:NX%鹞`ۉ6*||0ː ;q- CM5,v&Ԕfj:Y[^|'+ȁUrqXkj0익ׅ])/hM泛vpvG9Je!6#{jiWHLZ`!?r(1Iҏ5 &^PGe d*9-0cYC6aDm6#k(MER&= G.4uD83[-AU4$qxS??4X)0*y.og>:F} `'zpgItоhʰeh8`Zzq$sDX(T< ֚p̈́O5Oc_cрah"pHE@xZkhp B@E.Zr>J+b"[8 Utl) FujIMy-!/?ˇI%$4X2=#\\V`QaƖ]4FXXH]M;H̎'BC2By^ ihwYB@)% ӣzp` nrʃ4t]#@$2}}v~ 9N XQVawwT)ӱ%Jt( yB\+bԻ3ubH#C`BEWFڬ,pZԿCuλWԴ)+%V$tu| `_snM<=צK$*X]Fj}u¾_[N_7{)|h#Q h`! K{ZCAm1۩Zw\܁c:P=H(T\g7cMEH]ac6U{z@n)Z-Me;4zJD噛>67/=Ǐd[̌<9yn2$8z.0JL;O%95$_ہ3Jnbۤs:n&2006E-0P>\Qr,09|փu8[?g`̦Sk`p1\A>+em/|m*Ln1}a%[Ŵw)n<0{L3gJ= Pho`$d6(aE+-g}X!2␜ ~'U`9L86rR)Y 2=ct864>u'Si lm[Q ;&KDVжU0Hz.qLspIe>2I*"E6[WX HXLJ_ kbT 4DJPGQ>=͠1p Fnu<1H>JcOT&#UT-Vr!~퓨萫nEZ`ЯxLl5AKfl!/`.Q(c/"l`^ASf<^ΐےtKק~ 6-B5MnIo.Wk21氤'v ˽'jD@KY #fCENIjVړ$t`1۳<%8tpL\'eM=J皽6D= ϟݜ;s`>L;J@ r;qO;a>&rikS@J|@tɒ\' *BxX8YH/s>P9ۻBlpI3T!,0l{Tѵljs2f5}BA0ف9֦@tb ca0 ~] js7&[OmqM/ufXegL5FHK}ҼoHS09iJs jBGH|9zſ|§G {s\#g伉a-ѫ^Q/,dk.}?I/K턟ycP!ZSϏ%٘NBEW5vlko(+"sᔤ\E'㣓)?8boڗ`@L6CGfKfζ==4zᯯ=إ%<_+~GLwUv@%B6{ZgeQJW=(qM@k%E(qQ#{"F%t` FuUmr5Ox'Km_'p65xflW،3DtQWJ Lt+dXZc(\Rq&tY,xN` #*ԧQtjڰ~{N]IJ8\(C9B +< Τw"W ;"D>bø3<]g>XB]إTv!m*;VSDo(-ԔbC94?<>"g#.Qihd&3C6'ob.J]_@3%|,&ue".Ca'Fo6S]. 72g@ZN )r,~I',(}gILN|0_Bd4dAWAgiZ >2(H,YMĤ T gi߆.H^OGb?QU=zcQŔS?gYU2_p&.-+% Yۓ2Oȶ,IUI?x(F^\)= RMՔ89T+*8OY4Iƈܞڄ]:"K yFTJ 3G#ϕz!ńK(h``]{gG,W&5\$B4j91j/?:\'TfQyCG j1b(!( ^of׫&Yg{6)n )^sH,**5P*G)ѐs֏Vؔ4m sVݗ>`.>Hlfr" cx*:;,XO9y`-$UDiQ -Ʀ7/_8xb%)m ].82؋g9-m.L0Vlv&֓"_+G0m%UOwڪTeh8"A9%&ROTS_uå!p0!$|ǯ4BmNSUReҳO/~YxW dŵ0YQzGDT+kV|YȰF]J;hwf/)$NRY?Hxf8"ȅ%_<*!AK#+sJu[<;ul'\}B@BeD0Pu03b?nDVb]މ}jl>ggzySgfBz X |y1O*k b%NtB 4dAh=4R{R[ǚ,gc< )*?!Y:OwH9fԛՖ8X~:sppa xFIX5VVY)c?{݈f4n¬-RkϹ7a+8M;0cX3$Nxuչcw{IPmlŦt8>~{'FfDT!X%yiÛ_Z6J-yM0\ }Vl_hs8@ֈrV [nѠe(r saE9|f,z T$"+26 +آۈ]c;[;00'p`.' 3&*9""Qa!€GsբƘ+noハ]T #$%5H{TRp"@wyh,\$O4zJqgDBxoI`< @'F?K8H/ ng`%Kd> wBM~}֔jǪ/oX7#E+nDsf! !{9R=Wxf3 Hy@wQr.\4@3&03hνc P!?E7U6Zg nb+n<\*VM Ba;D0‡҃dX/b+1ʱ, <~܋n.!,p^R4a—䀲9Lt 'Ʈ,!/B^]’NM=1I~r1)ڊ77nA1zJ-9"G@Ÿ *$"R +hAB,Tw<&G6Ë/-IyoYK6qNfAfQȢiwׄ\1$V j~zz_ZbiE.c 2@ךBZc;3 G]!DUt HU9 &u0Z|<Ͽͧ5:@ 66 yZŠ{i <7/=737zZC^MK;7^6]4_q=!o7;C'ՉHk -;[K<'<'ڢ RDXXZҎSQ Э%0 .kXGl7K1eTUR5Ϛxd kH0'}sJ%.aGN$(cX az/;r}#[2@ eˡ0Ƹm5ܵ4Q5ee),(AbW1_aw׭lsdL0ڱ]st73>н^3B{sl^1~$jsa s)ʒ23^WlfmmYQ ֶBۅ]aiJ"%N'099l6a ZZ\Z-߶~ux src6ފj J \0] aL/bD+ )m3FwG#SOcSP`|ؘC c +p#S CR,6$AeЃ5T?0м )VVwn kb:ҁC+q,N㶭EEN]5+ Sx,C7**E-&=Ni48y}A6ژy빟iF$Y0C?7-Gd.$'Ҕk3`v rF@Yj!u8H]F&P0\Ǎmٹ WEo^ CR=wfMd7)Xsv7ĵ6'f.T@!'vѻ 2Y»'c0H,[g ¨b)F_.JgeEt0w j9n Q&@Ĕv767p>9/YdJEP.N \2}M0]_:فAfp͒w\j:rtT b8+M 5?3,ȏ]rKlݜ(8#Zi$P!%h$bcx=9 _3 㯛6} =<RXX_1ԻPSr$4k|:(rO=Vr\{Beu|^*_ӄ^I+\QY / PIj WPɺ>1'}7cƄ'rֽ!MrvnއM^EO7a[+|SwNOOgM窟k|jkyl2/*vg(P]5/NQʩ\h"^ûHKvY GcqqSg |=JWjթ4 L̙7[vfS+~k!?m?{l12ZTmzfx9j0zIcos@1@C|k_O{5BJ6//2CP9o֗61nFyʻ-AQ~ π>gywNqY_iVF9?t2ʡ{埠 fe\_,@ ^}.3s _f y2zG(Q~d_BeF9U^\eUu݌wAt3OK7C\\g5ԿΨs?=eg__P>dG(U}#cn66oیon3/9IR< 9k^K$kdK"~)PWgP*(Xi7Zeu+\W~ y>{#sg+sJ+ťW 7׳KT3cn5:@ba/! c|*,xW&^>&c˼V,$=)>w槤Ixϕմ] &JR[O'ikr(%s<2g!gs=* 4=}m0zs"X5̽p'oeybnAz[G$ZQ=P.v8)n7pK|*SG0%nsOkr>u"[~|^_}=xC//u>O?tҾj^ =֋쓥̓>A7n"B8#/0dH= _\M ;wC-=C PN_ MW酆.ۘsqo8c5c[&IΝ JIUKJ~+jZ' a7 R 5w9 طV˥*D`q9#RB4|O۴W)]74Csc<{+4аY-P=~L@M&6"O1 ͛YȌNE5//{_۱ B bb{ˈT`TlJx /&qf&MX>&\ʠaCa,%sv[z0 S|wNB35,>X v7i\{M)}T.q 5sEEאE,&Jhӄ B8̈́N`'8_Mh̀Yx "s HaCvk2}jQwh}t:פX3[ޚ0D00Y~l'PUE0P$=Cf Kǣ?EcС_km"tZwkdYE)ə W Bz ,*- O*_j9.KPRJVr.Q ?`n6{4OHm{X|@ăx!$5_x|XT ,sD?>K:S1U1ւ_/gwd&%}YQ v.ychFz%JT~3(HxrHqpC>~؋J0wGw ,CQ6N>LSA>X읙fc.Mc(ŬBCd=)O?6oG[nI 5E`1v4aehDSL/Tvy* *>% /)ik%^cHPWFWݞ햏 OXo} 8lO.dzl}π!XsCQ%ɷ` =͛-Hˍt/ASlk 6- `⎈meeZ:DR*,D&f ,~sf[mrxgs¥q@NDqD'Pv;mmlP/>¼yOW=Ofuݍ2J׼tmk%CKrX}P/):OOgsZ%_Hv"N,c 0У,*05vs::hՆGXxЬ; [) qy6` <Щ0 \bXeܔ1uF. ШpSN?X70(|N4uv{@7* 0 'Ɣ ϰ" sk29),Sǝ+ .^s {ej xٚջHR#z.Yׂ!gn耵]1fnB!ˣŬ"D0Ȯ'Z:tsh{h۟Z3THهl*~&!,{+ЃT~xFK-^8Q> χ"@Ԃ+"e})IDy{SL_?|T+K+ aMd|h/]7,{՗ΚOG<|Xyx8|n.3JbQ'.mwޝVv/71X744O߿~jIҜ%!޴i B"E{ju%_z`o3 g|oUAtMz'14mEg,3lW'Rե{ol' uE^8%ܖmJPQ&s)# MW\eR4զr0>d֊V&|ƷZ2cˤ_ l%