Virus writers up the ante

10 Jan 2007

New breeds of computer viruses released last year succeeded in beating traditional antivirus systems, a new report has claimed.

According to the 2006 Email-borne Malware Review released by the email security developer Commtouch, so-called server-side polymorphic viruses emerged over the past 12 months. These attacked quickly and comprised many different variants in a deliberate ploy to get around standard antivirus software, Commtouch said.

These malware variants tended to be distributed via email, and each version was short-lived and sent in low volume. Examples include the Stration/Warezov and ‘Happy New Year!’ virus attacks.

Historically, copies of the same virus tended to be mass distributed in large quantities, with one or at most a small number of overlapping variants. But as antivirus products developed faster signature publishing mechanisms for identifying and neutralising malware, code writers changed their tactics to better exploit the “zero hour” vulnerability inherent in traditional antivirus approaches.

In an analysis of attacks from 2006, it emerged that malware distributors developed huge numbers of distinct malware variants and released them simultaneously, or in successive waves. By the time a signature is updated for one variant, that variant has stopped circulating and several new ones have been launched, making the attacks harder for IT security systems to deal with.

Haggai Carmon, vice-president of products at Commtouch, commented: “Throughout 2006 we began seeing outbreaks with thousands of distinct variants being sent in successive, overlapping waves of attacks lasting for weeks or even months. The barrage of wave after wave of such attacks made it nearly impossible for traditional antivirus solutions to create and propagate new signatures or heuristics in time to protect end users from the risk of infection. We expect these types of attacks to continue and worsen through 2007.”

By Gordon Smith