Malware rebirthing suites intensify security arms race

Dec 12, 2011 by Nic White
Dr Brand says antivirus software is already struggling to keep up with the growing volume of malware rapidly appearing on the internet, more than 75 million by the end of 2011.

New breeds of malware could leave computer systems and even critical infrastructure defenseless to attack from cyber criminals or foreign governments.

ECU senior lecturer Murray Brand says a theoretical attack strategy he calls a malware rebirthing would render existing antivirus measures obsolete by using different kinds of malware in a coordinated strike.

The attacker would first use a worm to create a botnet of infected slave computers, then upload a honeypot program to attract and capture other malware from the internet.

The captured malware would then be sent back to the attacker and altered in what Dr Brand calls a rebirthing suite, improving its defences against antivirus programs with anti-analysis tools and tailoring it for the coming attack before distributing it among the botnet.

The attacker now has an array of advanced, customised malware that is extremely difficult, if not impossible, for antivirus programs to detect and that can be deployed against a target system from multiple angles.

“Recognition of malware is dependent upon an analyst having already analysed the behaviour of the malware and extracted an identifying signature,” Dr Brand says.

If the new malware is significantly different to any known malware, antivirus software is unlikely to recognise the threat until the malware has disabled it.

He says one third of malware in existence was created in the first 10 months of 2010 and new threats are often not properly identified for 48 days, with another 48 hours to program new definitions.

Dr Brand says the processing power needed to scan for and delete malware may soon outstrip the capacity of most computers.

Such an attack could flood the target system with a massive volume of malware, or hide malicious-looking code in good programs so that those programs or the entire system are forced offline, or act as a decoy for the real attack coming from another angle.

“At the other end of the spectrum, customised malicious software that does have a coordinated objective could be used to take over control of or network operations in a very stealthy manner,” Dr Brand says.

He says most of the components for a malware rebirthing botnet already exist and, with cyber crime being more lucrative than drug trafficking, it is likely that a similar model will be functional in the near future.

Source: ScienceNetwork Western Australia


User comments: 1

Ethelred
5 / 5 (1) Dec 12, 2011
Recognition of malware is dependent upon an analyst having already analysed the behaviour of the malware and extracted an identifying signature, Dr Brand says.
This hasn't been true for several years.

antivirus software is unlikely to recognise the threat until the malware has disabled it.
If it isn't recognized as benign it will be stopped by most AV suites this year and last. Eset and others added it this round. Norton and Panda had it several years ago.

This could flood the target system with a massive volume of malware or hide malicious-looking code in good programs
This does not work against server based reputation systems. It only works when idiots choose to ignore the warnings of their AV programs.

If you have a reputation based AV the only way these techniques can infect your computer is if you ignore the warning that the executable is unknown and not trusted. Which a lot of people do, but 'against stupidity the gods themselves contend in vain'.

Ethelred