As malware is more and more written with a specific goal in mind, antivirus firms are deploying more intelligent recognition tools and creating unique signatures for individual clients.
Over the past few years, malware attacks have evolved from a sawn-off shotgun approach, where a virus is released into the wild with the objective of infecting as many computers as possible, to a sniper approach, where Trojans are specifically written to spy on a particular corporation or even an individual.
Eric Ouellet, a research vice president in Gartner's security, risk and privacy group, said that targeted attacks are among the most difficult to defend against.
Speaking at the Gartner Symposium in Sydney last week, Ouellet said: "They are not arbitrarily firing a bullet and hoping it will hit somebody. They are aiming it at a computer or person.
"They will attack a large bank and create a virus or hack that is specific to them. People like Symantec or McAfee will not produce a signature for that--why would they produce it for just that one company?" he told ZDNet Asia sister site ZDNet Australia.
Rob Forsyth, Asia-Pacific managing director of AV firm Sophos, stated that the company's "genotype" expertise is able to find unidentified malicious code, which makes signature files less critical.
"If we think it looks like a bad thing and smells like a bad thing we have seen before, we don't have to taste it to know it is bad. If it has the general attributes we normally associate with malware we will protect against it," he said.
Forsyth contradicted Ouellet’s claim about individual signatures by admitting that Sophos already has at least one customer for which it has created unique signature files.
"We have governmental, law enforcement-type agencies that have a specific requirement that file types of a nominated variety never go through their gateway. We built a specific set of signatures for them," said Forsyth.
While it doesn't use custom signatures, MessageLabs also deploys smart tools to deal with unknown codes, according to Tom Chan, enterprise and partner services manager in Asia-Pacific.
Chan said that MessageLabs filter through more than a billion e-mails every week and uses signatures to quickly weed out known threats. Unknown codes are fed into a 20GB database that was built to analyse the behaviour of an application to determine its risk profile.
"We scan 1.4 billion e-mails a week and gather a very good understanding of what is good and what is bad ... When we see some code for the first time we throw it against the database which will tell us if we are seeing a virus for the first time," said Chan.
|
