"Malware evolution: January - March 2005".
Why haven't there been any major outbreaks caused by email worms in over a year? Where have IM-worms targeting ICQ, AOL and MSN Messenger come from? What is the background behind the recent flare-up of phishing attacks? How has Microsoft Service Pack 2 for Windows XP changed the face of IT security? How is the development of adware and spyware affecting the cyber-threat landscape?
In the report, Alexander Gostev explains how the events of the first quarter of 2005 show that classic email worms are on the decline, with network and instant messaging worms exploiting relatively lax security to take their place. He proposes that the decline in successful email worms (i.e. ones which caused significant outbreaks) may be due to the fact that the anti-virus industry has developed new methods to block such worms. However, Alexander Gostev warns that "network worms which exploit Windows vulnerabilities are starting to represent more and more of a threat. Scanning network traffic as well as email traffic is therefore essential."
IM-worms are still in their infancy, probably because they are still in the domain of script-kiddies. This, together with improved Windows security, has led to a relatively quiet three months.
However, phishing attacks are now moving to the fore; the convergence of adware and malicious code, the increase in botnets, and malicious programs for mobile devices seem to indicate that the first quarter of this year may simply be the calm before the storm.
Alexander Gostev further explains his thoughts on adware: "The boundary between harmless adware and malicious programs has effectively disappeared. Every day the Kaspersky Virus Lab detects more and more programs that seem to be adware, but which bear all of the hallmarks of Trojans. Virus.Win32.Bube serves as a vivid example of how the boundary between adware and other malware no longer really exists."
"Adware, viruses and Trojans now exhibit many of the same characteristics, meaning that products designed only to protect against adware should be treated with a healthy degree of skepticism. With adware becoming increasingly inseparable from classic malware, dedicated anti-adware solutions will simply cease to provide adequate protection."
Finally, Alexander Gostev reports on the increasing interest from malware writers in online games and explains how Kaspersky Lab has set up a unique relationship with the publishers of the Russian game "Boitsovsky Klub" (Fight Club). "In this game, a single object can be sold on for up to a thousand dollars and the threat to users posed by malicious programs that steal usernames and passwords is extremely serious. The malicious, unauthorized user has access to someone else's character, and all the objects that this character has accumulated. They will then either sell an 'object' to another gamer for money or just keep the user name and password to play the game themselves."
Game administrators now forward any viruses, scripts and Trojans attacking the game portals, and Kaspersky Lab ensures that updates protecting against such threats are released almost immediately. This joint project is unique in the world of online gaming.
Alexander Gostev concludes, "With the potential profits to be made in this area, it is more than likely that malicious code designed to steal such information will continue to evolve rapidly."
|Date:||May 1, 2005|