Malware Avalanche Still Gaining Momentum
It's a surprise to very few who follow the malware economy closely, but new metrics have arrived that chart the continued proliferation of the malware epidemic.
It was hard not to shake your head when anti-virus vendor Symantec reported this spring that it had recorded 711,912 unique threats during the course of 2007, a 468 percent increase compared with 2006, in its twice-yearly Internet Security Threat Report.
However, according to researchers at F-Secure, the problem continues to spiral out of control as trends such as server-side polymorphism and widely available exploit authoring tool kits continue to allow malware writers to create reams of new attacks (or, more precisely, attack variants) at a faster pace than ever before.
In its 2008 first-half data security summary, issued June 24, F-Secure reports that malware growth has reached its highest rates ever, with the "packing, encryption and obfuscation of existing families of Trojans, backdoors, exploits and other threats" driving the volume of attacks even higher than Symantec's reported figures.
According to the anti-virus vendor, the number of malware detections that F-Secure flagged during the first half of 2008 has already exceeded the growth rate that the company tracked over the entirety of 2007.
"We ended 2007 with 500,000 total detections. By the end of June 2008 this number is around 900,000. The growth rate has never been faster," Mikko Hypponen, chief research officer at F-Secure, said in a post on the company's Web site. "I have a nasty feeling that the situation is getting worse, not better; however, we're not giving up either."
Even scarier, Hypponen said in a testament to the growing sophistication of the cyber-crime industry, "criminals are adapting and utilizing enterprise-level systems and code within their operations. The complexity and quality of their IT infrastructure and systems continues to increase, providing them with the power to silently flood the Internet with their menace."
So, at the same time that tool kits are making it easier for anyone who wants to get into the malware game to do so, the guys at the top of the food chain are driving even higher levels of attack code complexity. Sweet.
And if you consider that Symantec clearly tracked even greater numbers of attacks in 2007 (likely based on the larger scale of its malware sensor network) than F-Secure, one might estimate that over 1 million new malware variants have been launched during 2008. Not good.
Some additional highlights of the F-Secure data dump:
-The first half of 2008 saw a growing number of targeted malware attacks on individuals, companies and organizations -- typically carried out via classic e-mail-borne "spear phishing" techniques.
-Targeted malware attacks are increasingly being used from political and military motives, most notably in recent clashes between Tibetans and the Chinese military.
-The flexibility of current malware attacks demonstrates that some criminals have considerable resources and expertise at hand.
-The Storm worm has played a major role in the evolution of online threats toward the current trend of drive-by downloads.
-Cyber-criminals are using powerful tools to locate vulnerable Web sites using SQL servers hosting insecure pages.
-The growing popularity of "jailbreaking" mobile devices -- the art of modifying phone hardware to add unapproved applications to the handhelds -- could lead to the spread of mobile malware if attackers begin sliding malware code into home-brewed applications.
All told, there appears to be no end in sight, and AV vendors such as Symantec and F-Secure are struggling to find new ways to keep up with the malware ecosystem.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.