Q&A: Malware Trends

Marc Fossi manages research and development for Symantec Security Response where his primary role is executive editor of the Symantec Internet Security Threat Report. The Internet Security Threat Report offers analysis and discussion of Internet threat activity over a six-month period and covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks, as well as future trends.

Can you give us an idea on the amount of malware Symantec analyzes on a daily basis?
Well, I can say that according to our ISTR XIII we detected 499,811 new malicious code threats in just the first half of 2007, and that number doesn’t include adware, spyware or misleading apps.

What are currently the most insidious types of malware?
I would say certain Web-based malware would populate that category. In 2008, we observed the Web become the primary conduit for attack activity. In 2009, as the number of available Web services increases and as browsers continue to converge on a uniform interpretation standard for scripting languages, we expect the number of new Web-based threats only to increase.

Based on your research, what kind of outlook can we look forward to in 2009 when it comes to malicious code?
In addition to the increase in advanced Web-based attacks, we think the economic crisis will be the basis of many new attacks. This will include, of course, phishing attacks, but attacks may also exploit other types of fraudulent activity such as around economic issues including e-mails that promise the ability to easily get a mortgage or refinance.

We also expect to see attacks propagated through social networking sites to increase. We expect an upgrade in spam to the use of proper names, sophisticatedly segmented according to demographic or market. The upgraded spam will resemble legitimate messages and special offers created from personal information pulled from social networks and may even appear to come from a social networking “friend.” Once a person is hit, the threat can easily be spread through their entire social network.

How big of a problem are fake anti-malware solutions?
They’re a big concern right now. These so called “scareware” applications make promises to secure or clean up a user’s computer, but in reality are installed along with a Trojan horse program, produce false or misleading results and often hold the affected PC hostage until the user pays to remedy the pretend threats. Even worse, they can sometimes be used as a conduit through which attackers install other malicious software onto the victim’s machine. The best way to avoid becoming a casualty of one of these misleading applications is to use only antimalware software from an established and reputable security company.

What upcoming malware distribution techniques should we be on the lookout for?
Well, attackers have shifted away from mass distribution of a small number of threats to micro distribution of large families of threats. These new strains of malware consist of millions of distinct threats that mutate as they spread rapidly as a single, core piece of malware.

For years, consumers have been warned about mobile devices becoming susceptible to viruses as much as desktop computers. We’re still a long way from that point but infections are starting to appear. What kind of evolution can we expect?
With the increasingly widespread usage of more sophisticated mobile devices the attack surface is increasing, but we still haven’t seen many threats that are successful at attacking mobile devices directly, for example through Bluetooth or the device’s Internet connection. I think an attack on mobile devices will be most likely to originate from Web sites targeting a vulnerability in the device’s browser. Attackers already try to compromise multiple browsers from a single site, consider for example drive-by downloads, iframes, etc., so adding an exploit targeting a vulnerability in a mobile device browser to the same site would be easy enough.

Don't miss