PandaLab’s recent malware findings report indicates that the number of infected clients has decreased in February in relation to January. The data for this research was gathered from their antivirus tool. On the face of it this is a surprising fact as security researchers are continuously discussing an epidemic of client-side threats where there is a consistent increase in malware and their variants.
However, looking closely at malware we see that hackers are investing in evasion techniques to bypass security controls, such as anti-virus. More so, as hackers are releasing new variants of client-side threats at such a rapid rate, anti-malware detection tools are faced with the nearly impossible task of keeping up-to-date with all new – and old- variants.
For instance, I have witnessed quite a few Trojans which were not detected by some common AVs for over a week. Other types of malware are used to sting victims very quickly so even if an AV detects the threat, it is already too late. Take for example the re-emergence of the “Boy in the Browser” (BitB) Trojan. This Trojan, once executed on the victim’s machine, re-routes the victim’s traffic to pass through an attacker controlled server.
The BitB does this by tampering with the mapping of hostname to network address mechanism. Once this persistent change to the configuration file is performed, the exploit code is then removed from victim’s machines. As a consequence, even if that user updated their latest AV content the next time they switched on their computer, no AV mechanism would detect this modification as the malware is not even installed on the machine.
I believe that although these results show a drop in malware, in reality, client-side malware will just continue to increase making the task of ensuring security on the client’s machine all the more implausible. Ultimately, consumer infection has become a business problem.
This means that businesses need to start dealing with this growing threat. While providers should urge consumers to be prudent, they must learn how to interact with infected consumers and create a safe business environment for them regardless of the general threat. These solutions include identifying account takeover, defeating phishing campaigns, detecting infected clients, interacting with infected clients and even sandboxing client sessions.