A deadly invasion of attackers in cyberspace may not sound as menacing as an alien invasion from outer space, nor is it likely to become a best-selling thriller or a blockbuster movie, but it is actually much more likely to happen.
While, in truth, discussions about dangers in cyberspace are often too cryptic a theme to be billable, the fact remains that cyberspace is in danger of being polluted by a locust-like swarm of bots, botnets, and zombies.
Although this may sound like hype, it is actually a sober description of a growing menace. At least, that is how this worst-case scenario looks right now. In fact, the case can be made with some simple math: malicious programs are spawning at a higher rate than the legitimate applications designed to counteract them. Like tired defenders leaning on the stones of a castle's turrets, traditional malware solutions are being worn down. New virus protection is needed as an effective countermeasure. In the incessant war between good and evil in cyberspace, consumers need to ask for more protection, and security providers need to band together to come up with adequate virus protection.
Introducing the Game Changer
Admittedly, all this sounds like alarmism, but there is a good reason for concern: there is a new enemy in town, a villain by the name of “server-side polymorphism.”
This menace was created by ingenious and malicious malware authors, and the way it works is quiet, sneaky, and deadly. Usually, the victim only knows he has been attacked when all seems lost. This is because the malicious code has managed to evade detection by standard security metrics.
How an Attack is Launched
When a user innocently visits a compromised website, his or her computer system or network experiences a distributed threat. The compromised website spawns a new infected file quickly and regularly; in fact, one every few minutes. These files evade detection by traditional antivirus programs because they are mutated—that is, each file is different from the one born before it. Because these infectious files are mutated, each has its own signature. Unique signatures effectively slip under the radar of signature-based malware detection because no two signatures are alike. In essence, then, this botnet outwits traditional software that detects known signatures and discernible patterns.
The Botnet’s Evil Intentions
According to researchers at Lavasoft, “The main purpose of these backdoors is to steal credentials for Internet-banking, trade platforms and RBS (remote banking services).”
Stemming the Tide
One suggested countermeasure is the application of a reputation-based security measure. This works similarly to how a consumer might rate an eBay service provider or a reader might rate a book on Kindle. Users will automatically be informed of an application's reputation when tempted to download it. This early warning system will prevent them from making uninformed installations. However, for this plan to work, the rating has to be done in an automated way, because the average online user is not able to distinguish between a benign and a malignant program.
The Whitelisting Solution
While a reputation-based rating system would stem the tide, whitelisting would provide a more definitive, long-range solution. However, for this system to be effective, certain prevailing constraints would have to be removed: the whitelisting solution would have to be inexpensive to be widely used, it would have to be automated to be done quickly and comprehensively, and it would have to be dynamic to protect even the most agile end-user computing devices.
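The three ideas above (per-download mutation defeating hash signatures, reputation scoring, and default-deny whitelisting) can be compared side by side. The following is an added illustration, not code from the original article or from any vendor; the "variants" are inert constructed byte strings with a random tail, and the hash sets, host names and five-host reputation threshold are assumptions for the simulation.

```python
import hashlib
import os

# Constructed stand-in for the file a compromised site regenerates every few
# minutes: the same core bytes plus a fresh random tail, so each copy has a
# new hash. It is an inert text blob, not a program.
CORE = b"constructed sample payload, not a real program"

def mutate(core: bytes = CORE) -> bytes:
    """One server-side variant: identical core, unique random padding."""
    return core + b"\x00" + os.urandom(16)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def blocklist_verdict(sample: bytes, known_bad: set) -> str:
    """Traditional signature check: block only hashes already catalogued."""
    return "blocked" if sha256(sample) in known_bad else "allowed"

def allowlist_verdict(sample: bytes, known_good: set) -> str:
    """Whitelisting: default deny, run only hashes vetted in advance."""
    return "allowed" if sha256(sample) in known_good else "blocked"

class Reputation:
    """Toy reputation service: a hash is trusted once enough distinct hosts report it."""
    def __init__(self, min_hosts: int = 5):
        self.hosts_by_hash = {}          # hash -> set of reporting hosts
        self.min_hosts = min_hosts

    def report(self, sample: bytes, host: str) -> None:
        self.hosts_by_hash.setdefault(sha256(sample), set()).add(host)

    def verdict(self, sample: bytes) -> str:
        seen = len(self.hosts_by_hash.get(sha256(sample), ()))
        return "trusted" if seen >= self.min_hosts else "low-reputation"

def simulate(n_variants: int = 20) -> dict:
    """Generate n variants, sign only the first one, and score each defence."""
    variants = [mutate() for _ in range(n_variants)]
    known_bad = {sha256(variants[0])}              # AV signature for variant 1 only
    known_good = {sha256(b"constructed vetted application")}  # assumed allowlist
    rep = Reputation(min_hosts=5)
    for i, v in enumerate(variants):               # each variant reaches one victim
        rep.report(v, f"host-{i}")
    return {
        "distinct_hashes": len({sha256(v) for v in variants}),
        "blocklist_misses": sum(blocklist_verdict(v, known_bad) == "allowed" for v in variants),
        "allowlist_blocks": sum(allowlist_verdict(v, known_good) == "blocked" for v in variants),
        "low_reputation": sum(rep.verdict(v) == "low-reputation" for v in variants),
    }
```

Running `simulate(20)` shows the signature blocklist catching only the one variant it was written for, while the allowlist blocks every unvetted file and the reputation service flags every one-off hash as low-reputation.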
If the present trend continues unabated and malicious programs outnumber, outmatch, and outwit benevolent programs, then a crisis will negatively tip the balance on how safe it is to visit websites, respond to download invitations, and surf in uncharted territory. While developing a rating system will provide a short-term solution and whitelisting will provide a long-term solution, it is not clear how these possible solutions can be rolled out in an effective way.