[ISN] VXers suffering from 'writer's block'

From: InfoSec News (alerts@private)
Date: Tue Nov 21 2006 - 23:03:54 PST


http://www.theregister.co.uk/2006/11/21/vxer_idea_drought/

By John Leyden
21st November 2006

Virus writers have run out of fresh ideas for the creation of malware, 
according to a study by Russian anti-virus firm Kaspersky Lab.

Kaspersky reckons that while the hacking community is developing "proof 
of concept" code for new platforms, it is unlikely that this work will 
result in malware capable of causing much damage.

"The overwhelming trends throughout 2006 indicate that the well of truly 
new ideas has run dry. Virus writers are feverishly trying to defend 
their creations against new protective technologies by creating proof of 
concept code for new platforms.

"However, these creations do not yet have a footing in reality: we are 
not seeing threats that would be able to cause millions and millions of 
pounds of damage, as Klez, Mydoom, Lovesan [the Love Bug] and Sasser did 
in the past," said Alex Gostev, senior virus analyst at Kaspersky Lab 
and author of its report Malware Evolution: July - September 2006 [1].

Gostev reckons virus writers are suffering from a form of writer's block 
that means malware authors - much like Hollywood production studios - 
are churning out a string of uninteresting sequels devoid of fresh 
ideas.

"Threats are no longer global and are not effective for as long as they 
used to be. There's nothing really new taking place. It's the same 
unending stream of Trojans, viruses, and worms - the only difference is 
that the numbers have significantly increased," Gostev said.

Kaspersky reckons the battle between VXers and security firms has 
reached a stalemate. Although anti-virus firms have taken steps to speed 
their reaction time and improve heuristic technologies capable of 
identifying malware strains without fresh signature updates, the bad 
guys have learned to live with faster reaction times or else 
concentrated their efforts on users who fail to deploy adequate security 
protection. Gostev thinks the present impass is unsustainable and either 
VXers or the anti-virus community will gain the ascendancy over coming 
months.

The report also looks at key malware trends over the period between July 
and September 2006. Over the period, virus writers concentrated their 
efforts on a variety of Microsoft Office vulns that became exposed, 
often timing the release of malware with Microsoft's patch schedule to 
maximise the potential for mischief. Chinese hackers have been 
particular active in this area. Kaspersky advises Microsoft to brace 
itself for another wave of attacks likely to accompany the release of 
Office 2007 later this year.

One of the few significant advances by VXers over the period came with 
the release of Mobler, a cross-platform virus capable of infecting both 
Symbian and Windows systems. The proof-of-concept code failed to cause 
much harm but might become a template for more dangerous attacks, 
Kaspersky warns. Also of note on the mobile virus front was a new 
version of Comwar, which used file infecting technologies as well as 
traditional MMS and Bluetooth propagation methods in order to spread.

Kaspersky warns that a recent vulnerability in the Wi-Fi function of 
Intel Centrino processors, discovered in August, might also lend itself 
to exploitation by virus writers even though such a threat has failed to 
materialise as yet.

[1] http://www.viruslist.com/en/analysis?pubid=204791907


_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Nov 21 2006 - 23:13:05 PST