The hacking community has run out of fresh ideas when it comes to creating malware, according to security vendor Kaspersky Lab.
The company’s report, Malware Evolution: July - September 2006, says: ‘Threats are no longer global, and are not effective for as long as they used to be.’
David Emm, senior technology consultant at Kaspersky Lab, says there has been no significant development in malware code for some time.
‘Periodically there is a leap forwards where something new develops,’ he said.
‘We are seeing many threats in terms of volume but it is the same old stuff, and we have not seen any breakthrough developments in the malware field for a while.’
But Emm says this does not mean the security industry has finally won the battle against malware authors.
‘For the past two to three years the type of malware we have seen has been tailored to make money, to launch extortion attacks and to steal confidential data,’ he said.
‘If something works for these guys – and it clearly does – then why change it?’
Fernando de la Cuadra, international technical editor at Panda Software, says reusing code makes malware both easier and more difficult to combat.
‘Codes are certainly not as high-quality as they used to be. Authors take existing code and change something, add a new function or change some lines to avoid detection,’ he said.
‘On the one hand, fewer quality codes mean the behaviour of the codes is easily predictable, but it also means more codes than ever before.
‘In the first half of this year we found more different codes than in the previous 15 years.’
Simpler codes are an indication of malware being used by financially motivated criminal gangs, rather than hobbyists who are better programmers, says de la Cuadra.
‘To combat them we have to develop a new technology that can detect virus codes based just on the behaviour of the codes. Many of the codes will try to do the same things, so the behaviour is very similar,’ he said.
Andy Kellett, senior research analyst at Butler Group, says this lapse in quality simplifies the task of tackling malicious code.
‘From a security point of view, things that come from a common source are easier to combat,’ he said.
‘More of the same is better, even if there is a lot more of the same. For example, if you look at the spam marketplace, the volumes there do not seem to faze security filters.’
But Kellett says this does not necessarily mean that authors will not improve their code if they need to.
‘Profit-motivated malware authors probably fall into the cleverer elements anyway. They are constantly looking at using resources to maximise the threats they pose,’ he said.
‘If ever they become less effective, of course they will evolve their code.’