Malware continues to evolve. In this news story released yesterday, a new form of mass-mailing worm infects a computer, steals its email contact list, and emails everyone on the list. The newly infected computers then update their code every 30 minutes from a variety of other computers! At least 150 different variations have now been identified.
This story indicates several things:
1. We can no longer maintain lists of "bad things" and let all the "good things" through the firewall. Malware now changes far too quickly for this to be reliable. Furthermore, someone has to discover a "bad thing" before it makes the list. What happens if your enterprise is struck before someone discovers it, creates a patch, and you install that patch?
2. The pace of attacks is picking up. So many computers on the internet are infected that there are now bot wars, with malware trying to remove other malware. More infected computers mean more attacks. As bots evolve, a new attack pattern can be replicated quickly, and soon perhaps millions of computers are infected and attacking enterprise firewalls.
3. Enterprises need multiple layers of defense. The perimeter needs layers, and inside the enterprise there also need to be multiple layers of defense. Enterprises need a security architecture that admits that the outer and even some of the inner layers will be breached, and that prepares to contain the damage.
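
To make point 1 concrete, here is an added example (not from the original post or the news story) that runs the same outbound traffic through a blocklist policy and through a default-deny allowlist policy. All addresses, ports and rules are constructed for illustration and use documentation address ranges.

```python
from ipaddress import ip_address, ip_network

# Constructed sample traffic, not real indicators.
# Each event: (source host, destination IP, destination port, note)
EVENTS = [
    ("10.0.1.15", "10.0.0.25", 25, "workstation to corporate mail relay"),
    ("10.0.0.25", "198.51.100.7", 25, "mail relay delivering outbound mail"),
    ("10.0.1.15", "203.0.113.40", 25, "worm mailing the contact list directly"),
    ("10.0.1.15", "192.0.2.10", 80, "update fetch, host already on blocklist"),
    ("10.0.1.15", "192.0.2.77", 80, "update fetch, host not yet discovered"),
    ("10.0.1.15", "10.0.0.80", 8080, "workstation to web proxy"),
]

BLOCKLIST = {ip_address("192.0.2.10")}  # the "bad things" discovered so far

ALLOW_RULES = [  # (source network, destination network, port)
    (ip_network("10.0.1.0/24"), ip_network("10.0.0.25/32"), 25),    # clients -> relay
    (ip_network("10.0.0.25/32"), ip_network("0.0.0.0/0"), 25),      # relay -> internet
    (ip_network("10.0.1.0/24"), ip_network("10.0.0.80/32"), 8080),  # clients -> proxy
]


def default_allow(src, dst, port):
    """Pass everything except destinations already on the blocklist."""
    return ip_address(dst) not in BLOCKLIST


def default_deny(src, dst, port):
    """Pass only flows that match an explicit allow rule."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in sn and d in dn and port == p for sn, dn, p in ALLOW_RULES)


def passed(policy):
    """Return the notes of the events a policy lets through."""
    return [note for src, dst, port, note in EVENTS if policy(src, dst, port)]


if __name__ == "__main__":
    for policy in (default_allow, default_deny):
        print(policy.__name__)
        for note in passed(policy):
            print("  pass:", note)
```

The blocklist policy stops only the update host someone has already reported, while the default-deny policy stops the direct mailing and both update fetches without knowing any of those hosts in advance. The proxy and mail relay that the allowlist permits still need their own controls, which is the layering argued for in point 3.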