This page contains a single entry from the blog posted on November 10, 2006 11:47 AM.

The malware arms race continues

How sophisticated is malware getting to avoid detection? The answer is not encouraging.

Today's Computerworld story, "Mutate, fragment, hide: The new hacker mantra," outlines the mutation techniques currently being deployed by organized crime. Examples given include Swizzor, "a Trojan download program discovered earlier this year that repacked itself once a minute to get past signature-based tools that work only if they know precisely what to block. Swizzor also recompiled itself once every hour."

The article quotes Matthew Williamson, principal researcher at Sana Security Inc.:

"The fragmented nature of such code makes it harder to write removal scripts and to know if all malicious code has actually been removed, Williamson said.

Complicating matters is the growing use of rootkits to conceal malicious code on infected systems, he said. Rootkits can be installed at the operating system level or as kernel-level modules and are used to hide malicious code and processes from malware detection tools, Williamson said.

A malicious program named Haxdoor -- a variant of which was used to steal information from 8,500 computers in 60 countries in October -- is one example. Haxdoor was used to steal passwords, keystroke information and screen shots from computers it had infected and send them to a remote server.

It was also used to disable system firewalls and concealed itself in a rootkit on the infected machines."

It is from the use of these techniques that I believe that many enterprises will be vulnerable to successful attacks. This will result in the capture of uids and passwords used for authentication. These will then be used by organized crime to access systems like payables and authorize electronic transactions to fake companies.

Get a layered identity defense security system in place using stronger authentication and transaction authentication to protect your enterprise's crown jewels.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com

