ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Businesses told: Beware multi-component malware

Vivian Yeo ZDNet Asia

Published: 01 Jul 2008 10:31 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Malware is becoming increasingly complex, designed with multiple components that target different enterprise weaknesses, according to industry watchers.

In other words, the next security threat that hits your organisation could be a keylogger, Trojan and 'bot' rolled into one.

The first component will trigger off "a chain of other components that seek to stealthily accomplish" the intended purpose, according to Arun Chandrasekaran, industry manager for ICT practice at consulting firm Frost & Sullivan.

Jens Andreassen, vice president for Asia-Pacific at Fortinet, told ZDNet Asia in an email that multi-component threats have existed for several years, but today's blended threats have many more components or functionalities "to maximise the opportunity for a successful attack".

"As security products add multiple layers of defence, cybercriminals are matching this with a multi-component offence approach. Multi-component threats are…becoming more sophisticated and adding more and more components for a snowball effect," said Andreassen, adding that malware writers are also tapping on "higher-profile vehicles, such as blogs and social-networking sites".

According to Paul Ducklin, head of technology for the Asia-Pacific region at Sophos, the web has aided the rise of multi-component threats.

"Most modern malware involves a series of attack stages, relying on and using a number of parts," he explained. "With the internet, it is no longer necessary for the malware to carry around all the pieces it needs in a single file or on a single disk; additional parts can be easily downloaded when needed."

According to Ducklin, security vendors face both challenges and opportunities in dealing with multi-component threats. "The most obvious challenge is that, when we see one part of a multi-component threat, we don't automatically know where this component fits in to the entire attack."

"For example, we might receive an exploit which downloads a piece of malware from a URL which is not yet active. So, although we can now proactively block any future downloads, we can't yet say what risk the link poses to an unprotected computer," he said.

Read this

Q&A
Trend Micro: Antivirus industry lied for 20 years

Chief executive Eva Chen argues antivirus companies have over-hyped the effectiveness of their products, and misled customers, for years...

Read more +

On the other hand, there are more avenues to counter the threat; attacks can be thwarted by blocking any one of the components involved, noted Ducklin.

He said: "Such attacks have all the weaknesses of an electrical circuit — cut a wire anywhere and the whole thing goes dead — compared to the strengths of a parallel circuit, in which each component has to be isolated separately."

Businesses, said Ducklin, run into the danger of having their corporate websites used as "a staging post" for malware attacks. According to Ducklin, about 80 percent of all infected web pages are on compromised, legitimate sites.

Suffering a website attack not only damages the company's reputation by highlighting the fact that there is a security problem, it is also time-consuming and costly to repair, Ducklin pointed out. In addition, legitimate visitors may no longer be able to use the site effectively, and end up visiting a competitor's site instead.

Frost & Sullivan's Chandrasekaran added: "Due to the stealthy nature, many users might not detect any abnormality in their system behaviour and performance". Businesses, therefore, need to have a "defence-in-depth approach to security" and educate employees on security hazards in a timely manner, he said.

Credit: Be on guard against multi-layer threats from ZDNet Asia

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?


Full Talkback thread

0 comments

Company/Topic Alerts

Create a new alert from the list below:





Sentry Posts Blog

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

3 comments

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Post a comment

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

5 comments