Polymorphic malware increases as attackers get sophisticated

News by Dan Raywood

In September there was a significant rise in generic polymorphic malware.

According to the Symantec Intelligence Report, at the end of July 23.7 per cent of all email-borne malware was characterised as aggressive strains of generic polymorphic malware. However, in September this rocketed to 72 per cent as cyber criminals adopted a variety of more sophisticated techniques, such as sending emails purporting to be from a smart printer/scanner and forwarded by a colleague.

Paul Wood, senior intelligence analyst at Symantec.cloud, said: “The most recent attacks in the report are email-based, in the form of attachments disguised with some interesting social engineering.

“The anti-virus industry's response to polymorphic malware (and here we are talking about server-side polymorphism rather than client-side) has been the use of behavioural analysis in a virtual sandbox. This allows the code to be run in a tightly controlled environment where the anti-virus software can perform some analysis of its functionality.

“However, the new malware includes ways that attempt to defeat these emulators, including changing the start-up code in every version, subtly changing the structure to make it harder for emulators to identify it as malicious.”

Wood claimed that anti-virus technology cannot rely solely on heuristics and signatures to defend against attacks, and must take into account the integrity of the executable based on knowledge of its reputation and distribution in the wild.
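The mechanics Wood describes, shown as a toy model: a server-side engine that gives every attachment a new start-up stub and encoding key (so byte and hash signatures never repeat), an emulator that runs the sample and recovers the same behaviour from every variant, a variant whose padded start-up code exhausts the emulator's step budget before the payload is decoded, and a prevalence check of the kind the reputation argument relies on. This is an added example, not code from the article or from Symantec; the two-byte instruction set, the emulator, the API-name table and the telemetry dictionary are all constructed for illustration.

```python
"""Toy model of the detection problem: server-side polymorphism against
hash signatures, a behavioural emulator, emulator evasion by padding the
start-up code, and prevalence-based reputation.

Added illustration only: the two-byte instruction set, the emulator, the
API-name table and the telemetry are constructed for this example."""
import hashlib
import random

# Constructed two-byte instruction set: (opcode, operand).
NOP, PUSH, POP, ADD, CALL, DECODE, HALT = 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0xFF

# Constructed table: what each CALL operand stands for in the behaviour trace.
API = {1: "CreateFile", 2: "WriteFile", 3: "InternetConnect", 4: "CreateProcess"}

# The payload every variant carries: drop a file, phone home, execute.
PAYLOAD = [(CALL, 1), (CALL, 2), (CALL, 3), (CALL, 4), (HALT, 0)]


def assemble(program):
    """Serialise (opcode, operand) pairs to bytes."""
    return bytes(b for op, arg in program for b in (op, arg))


def make_variant(payload, seed, stub_groups=None):
    """Server-side polymorphic engine: a fresh junk start-up stub and a
    per-sample XOR key, so every delivered attachment has a new hash while
    the behaviour is unchanged. `seed` stands for the per-recipient build."""
    rng = random.Random(seed)
    groups = stub_groups if stub_groups is not None else rng.randint(2, 6)
    stub = []
    for _ in range(groups):
        r = rng.randint(1, 255)
        # Junk that leaves machine state unchanged: NOP, ADD 0 or PUSH/POP.
        stub += rng.choice([[(NOP, 0)], [(ADD, 0)], [(PUSH, r), (POP, 0)]])
    key = rng.randint(1, 255)
    encoded = bytes(b ^ key for b in assemble(payload))
    return assemble(stub) + bytes([DECODE, key]) + encoded


def static_signature(code):
    """What a hash/byte signature sees: a different value for every variant."""
    return hashlib.sha256(code).hexdigest()


def emulate(code, max_steps=10_000):
    """Behavioural sandbox: execute under a step budget and record API calls.
    Returns (trace, finished); finished is False when the budget ran out."""
    code, stack, trace, pc = bytearray(code), [], [], 0
    for _ in range(max_steps):
        if pc + 1 >= len(code):
            break
        op, arg = code[pc], code[pc + 1]
        pc += 2
        if op == HALT:
            return trace, True
        if op == PUSH:
            stack.append(arg)
        elif op == POP and stack:
            stack.pop()
        elif op == ADD and stack:
            stack[-1] = (stack[-1] + arg) & 0xFF
        elif op == CALL:
            trace.append(API.get(arg, f"api_{arg}"))
        elif op == DECODE:
            # Self-decrypting stub: reveal the remaining code in place.
            code[pc:] = bytes(b ^ arg for b in code[pc:])
        # NOP and unknown opcodes do nothing.
    return trace, False


def reputation(sha, sightings, trusted_at=1000):
    """Distribution-in-the-wild check. A hash reported by many endpoints has
    earned reputation; a hash nobody has seen before is exactly what
    server-side polymorphism produces for every recipient."""
    hosts = sightings.get(sha, 0)
    if hosts >= trusted_at:
        return "reputable"
    return "unknown" if hosts == 0 else "low-prevalence"


if __name__ == "__main__":
    # Constructed telemetry: one widely installed, known-good binary.
    telemetry = {static_signature(b"trusted-updater-v2"): 250_000}
    for seed in (1, 2, 3):
        v = make_variant(PAYLOAD, seed)
        trace, done = emulate(v)
        print(seed, static_signature(v)[:16], trace, done,
              reputation(static_signature(v), telemetry))
    # Emulator evasion: a long start-up stub exhausts a 50-step budget before
    # the payload is ever decoded, so the sandbox records nothing malicious.
    print(emulate(make_variant(PAYLOAD, 4, stub_groups=100), max_steps=50))
```

Run stand-alone, each of the three variants prints a different hash but the same four-call trace, which is the point of behavioural analysis over signatures; the padded variant returns an empty trace with `finished` False, which is why a sandbox verdict of "nothing observed" must be treated as "analysis incomplete", and why an unknown hash with no distribution in the wild is a signal in its own right rather than a pass.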
