Malware: Getting out of Control

Early this year I predicted that a proliferation of rootkits would occur. I was shortsighted in my prediction in that I missed the bigger issue—the spread of malware itself. Although rootkits comprise the most serious threat in the malware arena, rootkits are only one of many types of malware. Furthermore, rootkits typically set up back door access and also often incorporate keystroke or tty sniffing ability, functions that are also frequently built into other types of malware.

Several weeks ago I noticed a news item stating that the number of sites infected with malware (and thus capable of spreading malware to computers that connect to them) increased by 300 percent compared to last year. These statistics provide poignant evidence of the accelerating growth of malware. Interestingly, of the 213,000 sites that were found to be compromised by malware, over half of them were in the People's Republic of China. Incredibly, just ten networks around the world contain almost half of all sites that inject malware into computing systems.

Another news item stated that Microsoft has recently asserted that the most recent version of its Malicious Software Removal Tool has already eradicated password-gleaning programs from more than two million Windows systems. One of the most prevalent types of these programs is “Taterf,” which captures passwords entered during Internet gambling sessions. Microsoft also said that its Malicious Software Removal Tool has deleted Taterf from 700,000 PCs.

Malware has constituted a significant threat since the mid-1980s. Until about seven or eight years ago, the problem was at least in theory mostly controllable. Until then, most of the malware threat manifested itself in the form of viruses and worms, but anti-virus software designed to detect and eradicate these types of software has been available for many years. Although not all anti-virus software is equally effective, nor has it ever been, most of it has been sufficiently effective in containing virus and worm-related risks to an acceptable level. Until the last seven or eight years, the problem has instead been the number of PCs on which anti-virus software has not been installed, or if it has been installed, not regularly updated. With the increased profit-related motivation for writing malware that has occurred in recent years, however, writing malware that is as undetectable as possible is now the rule. Writing viruses and worms, which generally replicate themselves profusely, has thus largely become a thing of the past. Trojan horse programs, which do not self-replicate, are now dominant. Unfortunately, most current anti-virus tools are not all that proficient in detecting and eradicating Trojan programs, and although tripwire tools are ideally suited for this purpose, these tools are generally quite a bit more expensive to purchase than are anti-virus tools, thus limiting the growth of the use of tripwire tools.

I predict that for the foreseeable future there will be no end in sight—malware will continue to grow as much as the price of petroleum. A long-term solution for the malware problem is desperately needed, but this answer will not be third-party software of any kind. Instead, Microsoft and other operating system vendors need to build mechanisms that defend against malware infections directly into their products. Security that is retrofitted is never as suitable as security that is built in right up front; this is as much true with malware prevention as with anything else.
