Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

Trend – malware – data loss prevention is getting tougher

March 10th, 2007 · No Comments ·

Nearly every corporation is trying to do its best regarding data loss protection while also attempting to do well when it comes to Web site security management.

But malware has moved on from rather simple stuff to Type 1 Malware:

CyTRAP Labs malware classification scheme (log in as guest, then follow this link again to see the definition)

Type 1 Malware is, however, trying as hard as possible to evade detection. In fact, whereas malware used to focus on finding vulnerabilities in Microsoft and other products, some malware writers are now searching for, and finding, vulnerabilities in AV (anti-virus) products instead.

An inherent limitation of anti-virus programs is that they rely on pattern recognition algorithms, frequently referred to as heuristics, to detect malware. Updating those patterns takes time, and in the meantime a new set of subject lines and new tactics to get people to open the attachments were released, suggesting that the level of protection achieved with heuristics has severe limitations, as outlined here:

Anti-virus’ heuristics fail to protect

But the bad guys have become ever better at figuring out the potential weaknesses of anti-virus software (see above link) and, as importantly, at exploiting them. The Storm Worm (misnamed: it should be called a Trojan horse) (CME-711, issued 2007-01-20) managed to cause havoc (CME is short for Common Malware Enumeration).

Recent variants of the Storm Worm are reported to spread by injecting themselves into various blogs, web-based message forums and web-based e-mail services such as Bluewin Mail, Gmail, Rediffmail or Yahoo! Mail; more details here:

Operation interruption prevention and malware – Storm Worm
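The two points above (heuristics that lag behind new subject lines and tactics, and lures pushed into forums and webmail) can be shown with a small filter. The following Python is an added example written for this post, not code from CyTRAP Labs or from any anti-virus vendor; the messages, signatures and indicator words are all constructed for illustration, and the `example.invalid` links are placeholders. It runs an exact-string signature and a scored heuristic over the same four messages and reports, for each approach, what was detected, what was missed and what was flagged wrongly.

```python
"""Signature versus heuristic scanning of lure messages (added example, constructed data)."""
import re

# Constructed sample messages standing in for e-mails and forum posts.
# None of these are real Storm Worm texts; they only mimic the shape of a lure.
SAMPLES = {
    "known_lure": ("Hundreds dead as storm batters Europe! Watch the video: "
                   "http://example.invalid/video.exe"),
    "variant_lure": ("Shocking footage of the flood, see it now: "
                     "http://example.invalid/clip.scr"),
    "benign_newsletter": "Our monthly newsletter is out: http://example.invalid/news",
    "benign_installer": ("URGENT: install the patched client today! "
                         "http://example.invalid/setup.exe"),
}
# Ground truth for the constructed samples: True means "this is a lure".
LABELS = {"known_lure": True, "variant_lure": True,
          "benign_newsletter": False, "benign_installer": False}

# --- Signature detection: exact string match against a lure already seen -----
SIGNATURES = ["storm batters Europe"]      # constructed signature, not a vendor's


def signature_scan(text: str) -> bool:
    """True if any known signature string appears in the message."""
    return any(sig.lower() in text.lower() for sig in SIGNATURES)


# --- Heuristic detection: score generic indicators, flag above a threshold ----
EXEC_LINK = re.compile(r"https?://\S+\.(exe|scr|pif|bat)\b", re.I)
SENSATIONAL = re.compile(r"\b(dead|shocking|footage|video|watch|urgent)\b", re.I)


def heuristic_score(text: str) -> int:
    """Add up weak indicators; no single one proves the message is a lure."""
    score = 0
    if EXEC_LINK.search(text):
        score += 2                                  # link straight to an executable
    score += min(2, len(SENSATIONAL.findall(text)))  # capped: wording alone cannot dominate
    if "!" in text:
        score += 1                                  # urgency punctuation
    return score


def heuristic_scan(text: str, threshold: int = 3) -> bool:
    """Flag the message when the indicator score reaches the threshold."""
    return heuristic_score(text) >= threshold


def evaluate(scanner, samples=SAMPLES, labels=LABELS) -> dict:
    """Run one scanner over the samples and sort the outcomes by kind."""
    out = {"detected": [], "missed": [], "false_positive": []}
    for name, text in samples.items():
        hit = scanner(text)
        if labels[name]:
            out["detected" if hit else "missed"].append(name)
        elif hit:
            out["false_positive"].append(name)
    return out


if __name__ == "__main__":
    for label, scanner in (("signature", signature_scan), ("heuristic", heuristic_scan)):
        print(label, evaluate(scanner))
```

The signature catches only the lure it was written for and misses the reworded variant, which is exactly what a new wave of subject lines does to pattern-based detection. The heuristic catches both variants but also flags the benign installer notice, and a lure that drops the exclamation mark and the sensational words falls under the threshold. Neither mechanism replaces keeping the detection data current and checking what users actually post or receive.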

The Storm Worm is all about creating massive networks of compromised computers that can be controlled by a single group or individual. A botnet of several thousand computers is more than enough to mount a severe denial-of-service attack. Some have suggested that the Storm Worm was responsible for creating a botnet that contained more than 20,000 computers and perhaps as many as 100,000. Other evidence appears to indicate that there is more than one Storm Worm-related botnet.

More details here:

Malware Outbreak Trend Report: Storm-Worm (January 31, 2007). Netanya, Israel: Commtouch Software


Tags: classification · commtouch · interruption · israel · netanya · outbreak · storm · worm