Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Imperva Comments On Malware Decline In February

Imperva : 07 March, 2011  (Technical Article)
IT security specialist examines underlying causes of malware decrease and suggests a rise in evasion techniques skewing the statistics

PandaLab’s recent malware findings report indicates that the number of infected clients has decreased in February in relation to January. The data for this research was gathered from their antivirus tool. On the face of it this is a surprising fact as security researchers are continuously discussing an epidemic of client-side threats where there is a consistent increase in malware and their variants. However, looking closely at malware we see that hackers are investing in evasion techniques to bypass security controls, such as anti-virus. More so, as hackers are releasing new variants of client-side threats at such a rapid rate, anti-malware detection tools are faced with the nearly impossible task of keeping up-to-date with all new - and old- variants.


For instance, in our labs we have witnessed quite a few Trojans which were not detected by some common AVs for over a week. Other types of malware are used to sting victims very quickly so even if an AV detects the threat, it is already too late. Take for example the re-emergence of - what Imperva has dubbed - the "Boy in the Browser" (BitB) Trojan. This Trojan, once executed on the victim's machine, re-routes the victim's traffic to pass through an attacker controlled server. The BitB does this by tampering with the mapping of hostname to network address mechanism. Once this persistent change to the configuration file is performed, the exploit code is then removed from victim's machines. As a consequence, even if that user updated their latest AV content the next time they switched on their computer, no AV mechanism would detect this modification as the malware is not even installed on the machine.


We believe that although these results show a drop in malware, in reality, client-side malware will just continue to increase making the task of ensuring security on the client's machine all the more implausible. Ultimately, consumer infection has become a business problem. This means that businesses need to start dealing with this growing threat. While providers should urge consumers to be prudent, they must learn how to interact with infected consumers and create a safe business environment for them regardless of the general threat. These solutions include identifying account takeover, defeating phishing campaigns, detecting infected clients, interacting with infected clients and even sandboxing client sessions

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo