Time and boundaries are meaningless in the world of malware
Lisa Myers, director of research at West Coast Labs, reflects on the top five findings from one year of results from its Real Time testing facility, now deployed across the globe.
1 Old malware does not die, so you had best hang onto those older signatures
Our Real Time HTTP, FTP and SMTP feeds continue to report old malware such as Allaple, Mydoom, Netsky, Bugbear and Parite. Bugbear was first discovered in 2003 and both Netsky and Mydoom in 2004. Netsky and Mydoom were big news back in the “Virus Wars” of 2004, where there would often be multiple outbreaks of new variants worldwide. They may no longer be newsworthy, but it does not mean you can forget about them!
2 Malware is not always on an upwards trend in every locale
We have seen a decline in attacks from Europe and Russia, and an increase in attacks originating from the Far East irrespective of a honeypot's location. In general, in the last eight or nine months the Far East has gained around five per cent more of the share of global malware, while Europe and Russia have fallen by the same amount. This does not say that Europe and the Far East have a corner on the market of malware, or that this trend will continue but it's worth watching.
3 We have exited the era of outbreaks – malware thrives by flying 'under the radar'
In the last year we have seen a distinct lack of global assaults, as almost everything is now 'targeted' rather than being spread as far as possible. This is no big surprise; we've been seeing this trend over the years, but considering how malware is still reported, it is important to reiterate. The malware that makes the evening news is not necessarily the malware that will be attacking your machine if you have got updated anti-malware software.
4 Malware will update itself to spread both new variants and different types of malware
There are some machines that we've seen pump out attacks of one piece of malware for several days and then switch to another piece of malware. We have seen some machines send out attacks of a dozen different pieces of malware over a period of months. At first, switching to a different type of malware might seem somewhat counterintuitive, and there are two possible explanations. It could be the result of naming disparities among anti-malware vendors, but it has also been seen numerous times over the years that a malware gang will change tactics sufficiently to warrant a family name change too. They might, for instance, change from focusing on DDoS to password stealing.
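A defender-side check for the pattern in finding 4, as an added example rather than West Coast Labs' own tooling: it groups feed records by source host, collapses vendor naming differences into one family name so a renamed detection is not counted as a switch, and reports sources whose malware family genuinely changed over time. The feed line format, the sample records and the family list are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of honeypot feed records (not real data), one per line:
# "<ISO timestamp> <protocol> <source host> <vendor detection name>"
FEED = """\
2010-03-01T08:00:00 SMTP host-A W32/Mydoom.M
2010-03-03T09:10:00 SMTP host-A Mydoom.M
2010-03-06T11:00:00 SMTP host-A Email-Worm.Win32.NetSky.q
2010-03-20T02:00:00 HTTP host-B Allaple.A
2010-03-21T04:30:00 HTTP host-B Allaple.A
2010-03-22T05:00:00 FTP  host-B Parite.B
"""

# Families named on the page; vendors prefix/suffix these differently.
KNOWN_FAMILIES = {"allaple", "mydoom", "netsky", "bugbear", "parite"}
# Platform/type tokens that vendors prepend and that carry no family meaning.
PLATFORM_TOKENS = {"w32", "win32", "email", "worm", "trojan", "virus"}

def family_of(detection: str) -> str:
    """Reduce a vendor detection name to a canonical family name."""
    tokens = [t for t in re.split(r"[./\-_]", detection.lower()) if t]
    for tok in tokens:
        if tok in KNOWN_FAMILIES:
            return tok
    # Unknown family: first token that is not a platform/type prefix
    rest = [t for t in tokens if t not in PLATFORM_TOKENS]
    return rest[0] if rest else detection.lower()

def family_timeline(feed: str):
    """Return {source: [(family, first_seen, last_seen), ...]} in time order,
    merging consecutive records of the same family into one run."""
    rows = []
    for line in feed.splitlines():
        ts, _proto, host, det = line.split(maxsplit=3)
        rows.append((datetime.fromisoformat(ts), host, family_of(det)))
    timeline = defaultdict(list)
    for t, host, fam in sorted(rows):
        runs = timeline[host]
        if runs and runs[-1][0] == fam:
            runs[-1] = (fam, runs[-1][1], t)   # extend the current run
        else:
            runs.append((fam, t, t))           # a new family starts here
    return dict(timeline)

def switchers(feed: str):
    """Sources that moved from one family to another, families in order seen."""
    return {h: [r[0] for r in runs]
            for h, runs in family_timeline(feed).items() if len(runs) > 1}
```

Two records of Mydoom under different vendor names collapse into one run, so only the move to Netsky counts as a switch for host-A.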
5 Malware comes from anywhere
It is not just the major countries of the world spewing malware - some of the 15 smallest countries in the world are represented on the list of attackers including St Kitts, Seychelles, Malta and Antigua and Barbuda.
West Coast Labs is part of the Haymarket Media group, publisher of SC Magazine.