November 11, 2009 By Hilton Collins
You don't have to look hard to find examples of public and private organizations that have been hacked by viruses and harmful worms - a quick Internet search will turn up plenty.
The Charlotte Observer in North Carolina reported on Sept. 25, 2009, that 236,000 records at the University of North Carolina at Chapel Hill were compromised by virus activity. The data was from the Carolina Mammography Registry and was being used for a university research project. The intrusion was detected in July, but may have occurred in 2007 and gone undetected for years.
SC Magazine reported in a May 29, 2009, blog post that the personal information of customers at Batteries.com, a provider of mobile equipment batteries, had been exposed and possibly used in identity crimes after a hacker infiltrated a company server. The breach occurred in February and was discovered in March after a customer notified Batteries.com about suspicious activity on a credit card account.
The UK's Daily Mail newspaper reported Sept. 22 on the Clampi virus, a strain of malicious programming that infects computers when a user visits a site containing the code. The virus waits until the user visits a financial site, such as a bank or credit card company, and then captures login and password information. The article claimed that Clampi is spreading quickly across the United States and Britain.
These organizations had anti-virus software in place, as most places do, but that wasn't enough. And an August report from Virus Bulletin, a publication informing readers about computer viruses and prevention, offered minimal comfort.
The report revealed that 12 of 35 vendor-submitted anti-virus programs failed to secure a Windows environment in a test run during a recent company review. The 12 products included offerings from big names like PC Tools, CA and Symantec.
While 12 out of 35 is much better than 35 out of 35, there's still room for improvement. Is just installing an anti-virus program on your system enough?
"That's the safety belt. Putting on a safety belt doesn't stop accidents. So if you think of it in that regard - that's the absolute bare minimum," said Jeff Moss, also known as the Dark Tangent, the founder of the Black Hat and DEFCON computer hacker conferences. He was sworn into the Obama administration's Homeland Security Advisory Council in 2009 and consults federal officials on security measures.
IT security professionals usually have to play catch-up with their adversaries.
"That's just the nature of the beast," Moss said. "It's always easier to attack than defend. It's always easier to destroy than to build. And the nature of our infrastructure is so complicated that it's easier to point out one fatal flaw here or there than it is to rebuild the whole system."
Many anti-virus programs come equipped with an assortment of detection and elimination measures. For example, one scans for known virus or malware signatures in a system. But strains of malicious code come so quickly that the programs can't identify every bad thing that's out there with a signature approach.
"If it's not obsolete already, it will be in the very near future because we see 60,000 new entries [malware signatures] a week. So that is basically a battle we are going to lose in the end," said Righard Zwienenberg, president of the Anti-Malware Testing Standards Organization and an employee of Norman, a Norwegian company that produces malware prevention tools.
"This is a problem for the whole industry, so a new approach has to be found," he said.
Attacks aren't only becoming more dynamic and numerous, they're also increasingly targeted,