Server-Side Polymorphic Viruses Beat Standard AV Signatures
In 2006, new kinds of computer viruses emerged that successfully countered traditional anti-virus solutions, claims a new report.
In their 2006 E-mail-borne malware Review publication, e-mail security developers Commtouch and Proofpoint said that server-side polymorphic viruses appeared during the past year. These launched much quicker attacks and included several variants aiming to get past typical anti-virus programs.
According to Commtouch VP of Products Haggai Carmon, 2006 saw a new method of distributing e-mail-borne malware: a huge number of short-lived, low-volume variants emerging every hour, turning it into a 'zero-hour' threat. These were variants of the 'Stration/Warezov' and 'Happy New Year!' viruses.
Carmon went on to say in his company's press release that throughout 2006 there were outbreaks of thousands of unique variants that attacked in successive overlapping waves, going on for weeks and sometimes even months. The barrage of those attacks nearly defeated the ability of traditional AV software to develop and transmit new signatures to protect end-users against the risk of infection. Commtouch predicts that these types of attacks will mutate and intensify through 2007.
In the past, replicas of the same virus tended to be distributed in large numbers, with one or at most a small number of slightly altered variants. These were easy to stop as anti-virus products developed faster solutions that could identify and destroy malicious code. But then malware writers applied different techniques that were capable of exploiting the 'zero-hour' flaw within those anti-virus mechanisms.
In the latest server-side polymorphic malware attacks, the distributors create large quantities of unique malware variants and release them at the same time or in succession. The problem is that by the time a signature is released for one variant, that variant has finished circulating and several others have arrived.
Real-time protection is a must to save enterprises from exposure to unaccountable levels of risk, says Ram Habal, Director of Product Marketing for Proofpoint. Without it, the cost of curing a malware infection can go as high as $500 per infected PC. When an organization is hit by masses of variants of a virus, it must unfailingly block each one to prevent losses.
» SPAMfighter News - 17-01-2007