« MS Patch Tuesday Wrap-Up | Main | The Russians Are Spamming »

While zero day attacks have grabbed many of the recent headlines, it seems a newer and much more insidious type of attack stands to become a much bigger problem. As I've blogged here before, zero day attacks are attacks that seek to exploit the most recent software weakness on or before the day users are alerted to the problem.

As this article from Computer Weekly reports, the new malware is actually much more dangerous, as it’s never meant to be detected. This new type of hack is no longer just some kid trying to show off their hacking skills to the world, but is instead created entirely with criminal intent. The new malware is meant to sit on a computer and disrupt nothing so as to stay deeply undercover, and this allows it to slowly leak out the user's vital information.

Mikko Hyppönen, chief research officer at security firm F-Secure, said “They send the malware as an attachment in an e-mail spoofed to look like an internal e-mail coming from a real colleague with an address that actually exists within the company. The e-mail message is even written in the local language, and the attachment, which is actually malware, is disguised as something innocent, like a Word document. When opened, it even looks like an internal document with company headers and footers.”

The extent of these stealth attacks are hard to measure as so few have been uncovered. Once installed on a machine, these Trojans can catch passwords, scan networks, export information and serve as a base for further attacks.

One reason there is scant protection against these type of attacks is that they are precision targeted, meaning only a few victims are chosen, and the malware is so specific to the target that they never even show up on Microsoft’s or some other software company’s radar as something that needs to be patched.

Jay Heiser, research vice-president at Gartner, said, “Security is still down to good hygiene and carefully managed information security that is effective against entire classes of threats. Various forms of host attack prevention systems still have a lot of potential for protecting code that is not addressed by anti-virus software. But the main message remains: if you don’t recognise it, don’t let it run.”

Also, rather than concentrating on stopping incoming threats, companies need to look for inconsistencies on their network – high levels of e-mail activity, large movements of data, and packet inspection to see if data is being bled in small broadcasts to unknown IP addresses.

Others say that this simply reveals that the life-span of our current virus software has just about run out, and the next generation of malware protection will have to be more comprehensive and much more closely tied to a computer’s operating system.

Posted by pschooff in Better Protection • Hackers |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/983