
Security lessons not learned will haunt us in 2009

Mary Landesman, ScanSafe

Published: 12 Jan 2009 13:48 GMT


2008 will probably be remembered for a very long time for all the wrong reasons — and amid the grim litany of the year's events are ominous developments in malware, which we ignore at our peril, says internet security expert Mary Landesman.

In terms of malware, 2008 was a very bad year. But 2009 will be far worse. The most depressing thing is so many IT people still haven't grasped the significance of certain malware developments that occurred in 2008. That failing will mean they will be ill-prepared for the challenges 2009 will surely bring.

Let's look back. The power of distributed computing has brought malware to the masses via botnets. While systems administrators cling to desktop-security solutions, the attackers have clearly moved to the cloud.

Botnets such as Asprox incorporated the operational ease of exploit frameworks such as Neosploit with backdoors and downloaders such as Zbot. The end result: millions of compromised web pages delivering Trojans that silently syphon sensitive data from infected systems.

Less is more
Where technology fails, users pick up the slack. Social engineering escalated to new levels in 2008, proving once and for all that less really is more. To bypass spam filters, the messages contain little more than a few terse words and a link.

Some of the messages appeal to the recipient's vanity: "You look awesome in this video". Others exploit people's fear and curiosity: "Pope killed by assassin in Vatican City". In some cases, the links point to a malicious website rigged with exploits designed to install malware automatically. In most cases, however, the attackers can afford to be lazy and let the victims infect their own computers by simply pretending the malware is a video codec or Flash update.

Sneakernet-spread infections made a comeback this past year, thanks to autorun worms that target removable and mapped drives, dropping an autorun.inf to the root, which loads the worm executable each time the drive is accessed.

The continuing popularity of USB thumb drives provides an open door for the malware. Once these worms have taken root, mitigating the threat can be costly. And auto-run worms seldom work alone. Underlining the theme that malware is no longer about pranks, today's auto-run worms double as Trojan downloaders, installing an explosive cocktail of backdoors and data-theft Trojans.

The troops have been overwhelmed. In 2008, traditional antivirus detected 80 percent of new threats. Put another way, traditional antivirus on average missed 20 percent of new malware released during the year.

Signature-based methods rely on four critical components: discovery, analysis, pattern creation and updates. Attackers have overwhelmed the system by releasing...
