Government Technology

Virus and Malware Prevention Is an Ongoing Battle



November 11, 2009

You don't have to look hard to find examples of public and private organizations that have been hacked by viruses and harmful worms - a quick Internet search will turn up plenty.

The Charlotte Observer in North Carolina reported on Sept. 25, 2009, that 236,000 records at the University of North Carolina at Chapel Hill were compromised by virus activity. The data was from the Carolina Mammography Registry and was being used for a university research project. The intrusion was detected in July, but may have occurred in 2007 and gone undetected for years.

SC Magazine reported in a May 29, 2009, blog post that the personal information of customers at Batteries.com, a provider of mobile equipment batteries, had been exposed and possibly used in identity crimes after a hacker infiltrated a company server. The breach occurred in February and was discovered in March after a customer notified Batteries.com about suspicious activity on a credit card account.

The UK's Daily Mail newspaper reported on Sept. 22 on the Clampi virus, a strain of malicious programming that infects computers when a user visits a site containing the code. The virus waits until the user visits a financial site, such as a bank or credit card company, and then captures login and password information. The article claimed that Clampi is spreading quickly across the United States and Britain.

Holes in Armor

These organizations had anti-virus software in place, as most places do, but that wasn't enough. And an August report from Virus Bulletin, a publication informing readers about computer viruses and prevention, offered minimal comfort.

The report revealed that 12 of 35 vendor-submitted anti-virus programs failed to secure a Windows environment in a test run during a recent company review. The 12 products included offerings from big names like PC Tools, CA and Symantec.

While 12 out of 35 is much better than 35 out of 35, there's still room for improvement. Is just installing an anti-virus program on your system enough?

"That's the safety belt. Putting on a safety belt doesn't stop accidents. So if you think of it in that regard - that's the absolute bare minimum," said Jeff Moss, also known as the Dark Tangent, the founder of the Black Hat and DEFCON computer hacker conferences. He was sworn into the Obama administration's Homeland Security Advisory Council in 2009 and consults federal officials on security measures.

IT security professionals usually have to play catch-up with their adversaries.

"That's just the nature of the beast," Moss said. "It's always easier to attack than defend. It's always easier to destroy than to build. And the nature of our infrastructure is so complicated that it's easier to point out one fatal flaw here or there than it is to rebuild the whole system."

Many anti-virus programs come equipped with an assortment of detection and elimination measures. For example, one scans for known virus or malware signatures in a system. But strains of malicious code come so quickly that the programs can't identify every bad thing that's out there with a signature approach.

"If it's not obsolete already, it will be in the very near future because we see 60,000 new entries [malware signatures] a week. So that is basically a battle we are going to lose in the end," said Righard Zwienenberg, president of the Anti-Malware Testing Standards Organization and an employee of Norman, a Norwegian company that produces malware prevention tools.

"This is a problem for the whole industry, so a new approach has to be found," he said.

Attacks aren't only becoming more dynamic and numerous, they're also increasingly targeted,

