Is the hacking community running out of fresh ideas?
(23/11/2006)
According to a new report by Kaspersky Lab, the hacking community has run out of fresh ideas when it comes to creating new malware. Malware Evolution: July – September 2006 states that while the hacking community is developing ‘proof of concept’ code for new platforms, it is unlikely that this will translate into malware capable of causing substantial and lasting damage.
Says Alex Gostev, Senior Virus Analyst at Kaspersky Lab and author of the report: “The overwhelming trends throughout 2006 indicate that the well of truly new ideas has run dry. Virus writers are feverishly trying to defend their creations against new protective technologies by creating proof of concept code for new platforms. However, these creations do not yet have a footing in reality: we are not seeing threats that would be able to cause millions and millions of pounds of damage, as Klez, Mydoom, Lovesan and Sasser did in the past.”
The report states that the current malware landscape is characterised by a mixture of occasionally interesting and intermittently technical malicious code, such as viruses using cryptographic techniques: “Threats are no longer global, and are not effective for as long as they used to be. There's nothing really new taking place. It’s the same unending stream of Trojans, viruses, and worms - the only difference is that the numbers have significantly increased,” says Gostev.
Gostev adds that virus writers and the anti-virus community have reached a stalemate: “We're currently experiencing something of a stand-off. Anti-virus companies are working at the limits of their capabilities in terms of speed, and have, to a great extent, already reached certain technical boundaries in terms of technologies employed. Virus writers find the current reaction times of anti-virus companies - which can be a few hours or as little as a few minutes - acceptable, and have come to terms with what they can achieve within these windows of opportunity.”
However, Gostev concluded that when the current stalemate is finally broken, the information security industry will enter a new era: “All the events of the third quarter of 2006 lead me to conclude that both the Internet and the field of information security are on the verge of something totally new. Either anti-virus companies will go on the attack, making a new concerted effort to quash the virus uprising; or virus writers will come up with something truly new, raising the bar for the anti-virus industry as a whole.”
The report identifies all the key malware trends witnessed by Kaspersky Lab during the last three months, including:
Microsoft Office vulnerabilities
The plethora of vulnerabilities in Microsoft Office has attracted a lot of unwanted attention from virus writers, who are timing their attacks around Microsoft’s patch schedules to maximise damage. The report found Chinese hackers to be the most active in targeting Microsoft vulnerabilities between July and September, and predicts that Microsoft should expect another wave of attacks with the release of Office 2007 into open beta testing.
Mobile malware
There were a number of new pieces of malware between July and September. A new variant of Comwar emerged – Comwar v3.0 – which is significant because of its ability to use file-infecting technologies. This makes it possible for it to spread in yet another way, in addition to its traditional MMS and Bluetooth propagation methods.
Mobler.a was the first cross-platform virus capable of infecting both Symbian and Windows systems. It may be proof-of-concept code, but it could theoretically become one of the most popular methods for infecting mobile devices. It's also possible that it could have even more of an influence on the evolution of mobile malware than propagation via MMS, as not only the handset, but also the computer would be targeted.
In addition to the fact that the content of SMS messages can be stolen, SMS messages can also be used to steal money from the subscriber’s account. Wesber, the latest Trojan for J2ME, implements this functionality. Wesber was originally detected at the very beginning of September, and it’s the second Trojan that is capable of functioning both on smartphones and the vast majority of modern handsets, as it's written for the Java platform.
Wi-Fi
The Wi-Fi worm has moved closer to becoming a reality following the vulnerability detected in the Wi-Fi function of Intel Centrino processors, announced by Intel in August. Such a vulnerability in Intel Centrino chips makes the appearance of a worm which would spread from laptop to laptop within its Wi-Fi range more likely. The worm detects a vulnerable laptop and sends a specially crafted packet to exploit the vulnerability. It’s possible for the worm to then send its body to the computer under attack, and then start the infection-propagation cycle again. The only obstacle would be how to find victims to attack.
“Wi-Fi adaptor vulnerabilities are still rare, but who knows what will happen in the future? After all, it's not so long ago that mobile malware seemed like the purest science fiction,” says Gostev.


