David A. Utter
Thursday:02.01.07

Storm Worm Dancing Past PC Defenses

Short lifetimes for the Storm worm variants, and the sheer number of those variants, have combined to make fighting them a difficult effort for security companies.

Storm has been spreading over the Internet for weeks now. Emails hit inboxes with plausible subject lines and innocent-looking attachments. The next thing that happens to an unwary user is a system infection, launched by the file attached to those spam messages.

Security firm CommTouch said in its Malware Trends Outlook Report that four reasons have contributed to the continued spread of Storm:

•  High Distribution Intensity: Storm-Worm attacks repeatedly in intense, high-volume waves. This substantial quantity ensures a wide distribution of the malware across the Internet.

•  Vast Variant Quantity: Storm distributes a vast number of malware variants, over 7000 distinct variants on several days of the outbreak, and over 40,000 altogether during the report period. Since each variant or group of variants requires a different signature, it is impossible for anti-virus engines to keep up with this rapid-fire pace.

•  Brief Variant Lifetime: The fleeting lifetime of each variant is two to three hours on average, and each variant rarely makes a second appearance during the outbreak. Since it takes several hours to develop a new signature or heuristic, and up to several days to distribute to end-users, these short-lived variants are typically out of distribution by the time traditional anti-virus defenses are available.

•  Low Variant Volume: Each variant is distributed in relatively small quantities or instances. Since an AV vendor must be aware of a malware sample in order to analyze it in its laboratory, distribution in low numbers often enables the malware to "fly below the radar" of the traditional anti-virus engines.

With the RSA Conference coming up, we chatted with Marc Maiffret, CTO and chief hacking officer at eEye, about these topics. It's a condition of being online that has to be addressed, and he believes that the newest edition of his company's Blink product will be suited to handle this.

Maiffret noted the combination of applications needed to address malware attacks on vulnerabilities today: anti-virus, anti-spam, malware detection, buffer overflow protection, and patch verification for systems. Blink 3.0 will do this for its users, he said.

The Blink approach features sandbox technology from Norman, whose A/V engine is now part of eEye's Blink package. Using a lightweight virtual machine, Norman sandboxes executables and evaluates their behavior before they are allowed to run on the real system and do Bad Things.

That's the proactive approach Maiffret wanted for Blink. He said out of 20-some vendors eEye evaluated for inclusion in Blink, Norman was the one consistently detecting viruses ahead of time.

But the reactive way of taking on viruses, with a signature-based solution, has its place. The addition of signature-based scanning helps stop existing pests. Maiffret said Blink is stopping viruses roughly 3.5 days before signatures arrive as updates for users of rival products from McAfee or Symantec.

About the Author:
David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.


© 2007 SecurityProNews. An email newsletter.