Faster-changing viruses and Web 2.0 threaten security
There are new problems brewing for firms, say Symantec researchers
Polymorphic viruses and vulnerabilities in Web 2.0 technologies could cause problems for IT security chiefs in the future, according to the latest biannual Threat Report from Symantec released today.
Symantec research scientist Ollie Whitehouse said there has been a resurgence in polymorphic techniques for creating viruses, meaning they change signatures every time they replicate to evade detection by conventional antivirus products.
"Historically, malicious code writers used packers as a cheap way to get the maximum use of malicious code they’ve written," Whitehouse said. "But unpacking engines have been able to detect these threats so hackers are reverting to [polymorphic threats]." However, certain sections of code in polymorphic viruses do remain the same and can be spotted by some engines, he added.
David Emm of antivirus vendor Kaspersky Lab commented, "We're going to see the bad guys break new ground, but it's not surprising that people are also taking older techniques and reapplying them."
Elsewhere, Symantec has recorded the highest number of new vulnerabilities for any six-month period, at 2249. Web application vulnerabilities accounted for 69 percent of these, and as more enterprise applications are delivered via the web the threats will grow, said Whitehouse.
Ajax web application technology was also highlighted as a possible area of weakness in corporate security, creating increased potential for cross-site scripting and content injection attacks, while the interoperable nature of Web 2.0 applications could create further problems, said Symantec.
"If a vulnerability is found in one application then the ramifications are vast for exposing [many users]," warned Whitehouse. "There is a gap in the knowledge of many [IT chiefs] but in the next 12 to 18 months we will see a lot more research about attack and defence methods."
David Boloker, chief technology officer of emerging technologies at IBM, said the problems "will have to be addressed further" in the future and added that IBM specialists are "focused on Ajax security".
In other news, email security specialist IronPort last week published research that indicates over 50 percent of corporate desktops worldwide are infected with malware.
The firm also launched its S-Series web security appliance – its first foray into the anti-spyware market – which features URL- and reputation-based filtering technology to stop threats at the perimeter.
"In 2006, we have seen two important trends working together: overall threat volumes are increasing, and the level of sophistication is also increasing," said Tom Gillis, senior vice-president for Worldwide Marketing at IronPort.
Meanwhile, Kaspersky Lab has showcased a new version of its Internet Security suite, designed to make management easier and more centralised, with improved anti-virus capabilities, including better tools for rootkit detection and removal.
"We're trying to produce a corporate release which utilises the technology already in our personal products," said Kaspersky's Emm. "The cement that ties it together is the admin kit, which gives IT staff the ability to define policies and control real-time and on-demand scanning capabilities."