NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master

NRT-0167 Server Side Polymorphic Viruses Surge Past AV Defenses:


Throughout the first quarter of 2007, server-side polymorphic malware exploded across email, exploiting the well-known zero-hour vulnerability of traditional antivirus solutions, according to a report cited in an online news article. In server-side polymorphism the variant is generated on the distribution server at send time, so each recipient (or each small batch of recipients) gets a differently built binary, and a signature derived from one captured sample does not match the others. The "Q1-2007: Malware Outbreak Trends" released today by Commtouch shows how malware writers are using speed, variation, and social engineering techniques to mass-distribute their malicious code across the internet. "The server-side polymorphic distribution pattern has proven a 'success' for malware writers. This method is so adept at evading anti-virus defenses that it is now being adopted on a large scale," said Haggai Carmon, Commtouch vice president of products. "By creating a massive number of distinct variants and releasing them in short, intense bursts, virus writers are able to release new variants so quickly that signatures or heuristics cannot be created quickly enough to protect against them all." During a peak early in the quarter, the Storm/Nuwar malware released over 7,000 such variants in a single day.

Another increasingly common tactic is the use of social engineering techniques developed by spammers to help spam slip past email users' defenses. Malware writers recently began adopting these methods on a large scale to lure users into opening messages and clicking on attachments. The Storm/Nuwar outbreak in mid-January used tabloid-style email subjects. In February the Tibs/Zhelatin email-borne malware disguised itself as a friendly Valentine's Day greeting, coupling affectionate subject-line greetings with docile-sounding file names. The Nurech malware tries to fool its victims by adding benign-sounding filename extensions such as '.doc', '.jpg' and '.pdf' before the real file type '.exe'. Only the final extension determines how the file is run, and because Windows hides known extensions by default, a name of the form 'photo.jpg.exe' is displayed to the user as 'photo.jpg'.
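The double-extension trick described above is cheap to catch at the mail gateway before any signature is involved. The following is an added example, not code from Commtouch, the report or the article: it classifies attachment names by the extension the operating system will actually honour (the last one) and flags names where an earlier, document-like extension or whitespace padding hides an executable extension. The extension lists beyond '.exe', '.doc', '.jpg' and '.pdf' are assumptions typical of a mail filter, and the sample attachment names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Extensions Windows executes on double-click. The page names only '.exe';
# the others are assumed extras a mail filter would normally include.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

# Decoy extensions the page names ('.doc', '.jpg', '.pdf'), plus a few
# assumed common document/image types.
DECOY_EXTS = {"doc", "jpg", "pdf", "txt", "gif", "png", "xls"}


@dataclass
class Verdict:
    filename: str
    true_ext: str             # extension the OS will actually honour (last one)
    decoy_ext: Optional[str]  # misleading earlier extension, if any
    padded: bool              # whitespace used to push the real extension out of view
    suspicious: bool


def classify_attachment(filename: str) -> Verdict:
    """Flag names whose final extension is executable while an earlier
    extension suggests a harmless document or image, e.g. 'photo.jpg.exe'."""
    name = filename.strip()
    # The OS only cares about the component after the last dot; compare
    # case-insensitively since 'PHOTO.JPG.EXE' runs just as well.
    parts = name.lower().split(".")
    true_ext = parts[-1].strip() if len(parts) > 1 else ""

    # Runs of two or more spaces directly before the final extension are a
    # padding trick ('report.pdf            .exe') to hide it in a narrow column.
    padded = bool(re.search(r"\s{2,}\.[A-Za-z0-9]+$", name))

    decoy = None
    if len(parts) > 2:
        # Strip each middle component so 'pdf      ' still matches 'pdf'.
        for component in parts[1:-1]:
            if component.strip() in DECOY_EXTS:
                decoy = component.strip()
                break

    suspicious = true_ext in EXECUTABLE_EXTS and (decoy is not None or padded)
    return Verdict(filename, true_ext, decoy, padded, suspicious)


def flagged(names: List[str]) -> List[str]:
    """Return the attachment names that use a deceptive extension."""
    return [n for n in names if classify_attachment(n).suspicious]


# Constructed sample attachment names (not taken from any real outbreak).
SAMPLE_ATTACHMENTS = [
    "greeting_card.doc.exe",
    "valentine.jpg",
    "report.pdf            .exe",
    "setup.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(classify_attachment(name))
```

Note that a plain 'setup.exe' is not flagged by this check: it carries no deception, and whether bare executables are accepted at all is a separate policy decision. The verdict still exposes `true_ext`, so a gateway that blocks every executable attachment can do so from the same result.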

"Once focused on searching for vulnerabilities in computer applications, virus writers are now exploiting the vulnerability of the anti-virus solutions themselves - the zero-hour," explains Carmon. "This new breed of threats is making every hour of an attack a revolving zero-hour, and even the antivirus solutions need virus protection."

(www.tmcnet.com 02May07)
Last Modified: Sunday, 06-May-2007 09:31:21 EDT