Malware quieter, more malicious

From: http://www.post-gazette.com/pg/10255/1086646-467.stm

Did you notice we haven't heard from Melissa lately? Or any of her evil friends -- trojan horses and viruses that we used to see all the time.

That, according to David Perry, global director of education at Trend Micro, is because the types of malware that we're seeing these days (or not seeing) are different and more sinister.

Mr. Perry, whose participation in the antivirus market dates back to 1990 with the Peter Norton Co. and McAfee, tells us the majority of the malware attacks on computer systems and networks in recent memory have been trying to run silently, unlike those of Melissa's ilk which tried to get your attention to prove their creators were macho megalomaniacs.

Mr. Perry quotes statistics showing there are more than 200,000 new malware threats everyday; and on one date the number of new threats even reached 500,000. That compares with three to five per month that sprang up in the 1990s.

The real issue is not the number of threats but the stealthiness of the threats, the rapidness with which they attack each system then leave and the actual intention of the malware developers.

He suggests that organized crime has a major stake in these new threats, and that the sole purpose is to steal your vital information, including your credit card numbers, your passwords and any other information that can be used to steal your ID.

That's enough to scare me.

But I've always been a little bit more cautious about protecting my data than most people. Unfortunately, there are only so many things we can do to protect ourselves. Mr. Perry says there are so many places a hacker can get into your system that it is impossible to protect it in the traditional way.

Hackers use key loggers, session recorders and screen scrapers to find out and record what you're typing. They get to your data from inside your system, not from the outside, and they don't necessarily use it immediately -- if at all. He suggests that they're more likely to sell the data in massive doses than to use it themselves.

That's where organized crime comes in. According to Mr. Perry, it could be two years before they use that stolen credit card number they took from you; and the stolen data might've passed through several hands before somebody finally uses it. He says there's even a market on the Internet to a buy and sell this type of data.

His company, Trend Micro, is so convinced traditional antivirus techniques will no longer put a dent into the threat, that on Sept. 8, the company was scheduled to release a consumer product to keep you from going to dangerous websites instead of just trying to fix a problem on your system.

Those websites might only be dangerous because a bad guy turned them against you -- not because the website operator is evil. That makes it hard to protect you against yourself.

Mr. Perry's new service puts up warnings that a silent threat might be awaiting you if you continue to the site. It lets you go there if you really want to. Just keep your fingers crossed.


Read more: http://www.post-gazette.com/pg/10255/1086646-467.stm#ixzz0zXgq6sTl