22,000 new malware samples per day, a network worm breakout and the sandbox-enabled antivirus
From a computer security standpoint, 2008 has certainly been a turbulent year. Worse, it has been a dramatic year marked by figures beyond imagination, a steady hammering of new threats that lasted until the very end and that is expected to continue at the same pace, or an even worse one, this year.
As already highlighted by Trend Micro’s evaluations, the Internet has become a very dangerous place, turning into the main source of infections by worms, trojans, rootkits and so on. A more detailed picture of the problem’s scale comes from the Spanish security company Panda Security, which in its annual report says it identified, during 2008, an average of 35,000 malware samples per day, 22,000 of which turned out to be new infections.
By the end of 2008 Panda Security had identified 15 million total threats, exceeding the estimated 5 million and adding up, in the first 8 months of the year alone, more malware samples than it had detected during the previous 17 years of the company’s existence. Malware has grown exponentially, and by far the most persistent threat has been trojans: malicious software designed to steal sensitive data, install backdoors, delete or encrypt files and download other malware from the Net.

In the last quarter trojans accounted for 77.49% of detected malware, with a not very different yearly overall rate of 70.1%. The other prevailing malware categories were adware (19.9%) and worms (4.22%), which together with trojans reached 94% of the total. In 2008 phenomena like spam, botnets, phishing, cyber-crime and fraud spread as never before, and according to Panda Security 2009 should be even worse.
While the number of samples and trojans to analyze (including, of course, those belonging to the same malware family) has grown hugely, among the most significant incidents of the year just ended Panda and the other security firms count the Conficker worm (also known as Downadup), a piece of code built to exploit a flaw in the Windows Server service that forced Microsoft to release an out-of-band security bulletin (MS08-067) with a patch.
According to the experts, despite Redmond’s timely intervention Conficker managed to build a massive botnet and still remains one of the most dangerous threats in the wild. All the more so because, according to F-Secure, this “old school” worm, reminiscent of the epidemic infections of the past, seems to particularly favour corporate local networks, where it uses polymorphic techniques and modifications to Active Directory permissions to make removal more difficult.
The worm, whose propagation is helped by the continuous appearance of new variants, has in recent days “learned” some new tricks, like exploiting the Autorun and Autoplay features of Windows, thereby adding removable drives to the list of potential infection vectors. According to the latest information released by F-Secure, the web domains currently used by Conficker/Downadup add up to more than 2,500 entries.
Faced with such an overwhelming threat to users’ security and data, which solution fits best? Installing an excellent antivirus is already a first step toward a less perilous and troublesome computing experience, but, keeping pace with the evolution of the (malware) species, security firms are constantly searching for new defensive and cyber-crime fighting strategies as well. Kaspersky Lab, for instance, has just released the first prototype of what should become its antivirus suite for the upcoming Windows 7.
The software, downloadable directly from Kaspersky’s FTP servers, will, besides an improved interface, also include a “highly effective” on-the-fly heuristic analysis engine, capable of blocking unknown malware with a sandbox technology in which the software to be scanned is executed and tested to check for possible malicious intent, even before Windows can access the executable file in question. Although this kind of solution is not new at all, it will be interesting to see whether a well-known publisher like Kaspersky will succeed in this way in further improving the already good results of its security software.
Related posts
- Induc, the silent Beast that puzzles antivirus companies
- The 5 all-time worst malware according to Trend Micro
- AV-Comparatives tests antivirus software proactive defenses
- AV-Comparatives releases a new round of antivirus tests
- Klaatu, barada, nikto, Conficker!
- Conficker worm asks for instructions and gets an update
- Conficker, it’s open war between the industry and malware writers
- Sality virus, the species evolution
- Conficker, the perfect storm worm
- Internet? A very dangerous place
Comments
Trojans and malware infection from Russia can cause huge problems as they are often made to attack in very discreet methods.
But sometimes sandboxing leads to false positives, so it’s a double-edged sword…