Malware dangers grow as e-criminals pool resources

The McAfee Global Threat Report says firms need new strategies to defend themselves

Hackers and writers of malicious code are operating with unprecedented levels of professionalism, so a reactive approach to security is no longer an effective defence, according to research published today (17 July) by antivirus vendor McAfee.

The biannual McAfee Global Threat Report, compiled by 100 of the firm's top security researchers around the world, also highlights the way in which criminals are now using open-source methodologies and tools to share and modify source code to produce malware.

McAfee security analyst and manager Greg Day said the report points to "amazing professionalism" and sophistication in the organisation of virus-writing communities.

"Five years ago there was a knowledge chain between individual virus authors, but now there's a different gene pool sharing knowledge," said Day. "There's a person financing [malicious code-writing projects], someone to provide host sites, beta testers, QA – virtually every element of a business, a complete spectrum."

The report also reveals how criminals are now using the same open-source processes used to create products such as Firefox and MySQL to produce professional-quality malicious code, which can reap large financial rewards if it is used in attacks or sold on to third parties.

McAfee researcher Igor Muttik said that the bundling of threats – as seen with the creation of the Mytob worm from the earlier variant Mydoom last year – and the use of tools to hide bots from security scanners show that malware is being produced by open-source-style collaboration and code-sharing.

"It's all about taking what's tried and tested and increasing its longevity," said Day. "This open-sourcing of threats opens up a knowledge pool we didn't want to be opened up – the public will be horrified to see it is so well coordinated."

Andrew Kellett of analyst Butler Group said the security industry is too reactive and argued that a unified approach to threat management is the best way for enterprises to mitigate the risks. "The issue we all have with the security industry is that it doesn't do anything until there is a commercial reason, but the report's findings should not be a surprise to anyone," he added. "When malicious approaches become more mature they tend to stay ahead of the game."

Graham Titterington of analyst Ovum advised IT security chiefs to focus on risk management to proactively prepare their organisation for attacks.

"The threat is real and there are people out there targeting you," Titterington said. "Focus on what vulnerabilities you have and what you can do to protect them – there are so many products out there that everyone has to prioritise."