All is not well with virus protection

Hans vd Groenendaal

Hans is a contributor for EngineerIT.

Full Profile

E-mail

All is not well in the world of virus protection. A report published by Commtouch, a company that supplies messaging and web security technology to more than 100 security companies and service providers for integration into their solutions, alluded in their second quarter report to new Trojan variants that had evaded antivirus agents.

The report states that from late May through June, Commtouch Labs identified a sharp rise in the number of new viruses being circulated via email that were not caught by the major antivirus engines. There were several malware outbreaks whose wide distribution caused malware numbers to temporarily and exponentially increase from the consistently low quantities of malware distributed via email during the past 18 months.

One explanation for the dramatic rise is the appearance of aggressive new variants of several different Trojans. With each new variant, there is a period of time during which it is recognised by anti-virus companies, who then develop new signatures to protect their customers. The companies have tried blocking new variants with a dedicated signature per variant. This method proved inefficient, so security vendors have begun to develop generic signatures to block all variants of the same malware family.

As demonstrated by this massive growth, the generic signatures have not proven to work against the recent variants.

Commtouch’s quarterly trend report is based on the analysis of over two-billion email messages and internet transactions daily in the company’s cloud-based global detection centres.

Spammers and malware distributers have used events including the swine flu epidemic and death of pop star Michael Jackson to spread their messages. Sites in the “health” and “web-based email” categories topped the list of web categories manipulated by phishing schemes.

“Business” was the web site category most infected with malware. An average of 376 000 zombies were newly activated each day for the purpose of malicious activity. Image-based spam returned with new tactics foregoing MIME-format standards to trick anti-spam engines. Spam levels averaged 80% of all email traffic throughout the quarter, peaking at 97% in April and bottoming out at 64% in June.

“For the last year and a half, anti-virus engines effectively blocked many virus variants with generic signatures,” said Amir Lev, chief technology officer of Commtouch. “In the second quarter, however, malware distributors introduced large quantities of new variants which are immune to these generic signatures, therefore causing sharp increases in undetected malware samples that were blocked by Commtouch.”

Commtouch Recurrent Pattern Detection and GlobalView technologies identify and block messaging and web security threats, including increasingly malicious malware and phishing outbreaks.

Reported global spam levels are based on internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering at the ISP level.

Detection and GlobalView technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch technology automatically analyses billions of internet transactions in real-time in its global data centres to identify new threats as they are initiated, protecting email infrastructures and enabling safe, compliant browsing.

Virus protection – discussion

EngineerIT