Saturday, August 18, 2007

PC Tools Warns Global Virus “Storms” Are on the Rise

PC Tools malware researchers warn the latest epidemic of the Storm Trojan which is being disguised as e-cards and infecting computers world–wide, is only the tip of the iceberg.

"The malware writers of this latest influx are suspected to be based in Russia or the Ukraine and their attacks are extremely sophisticated using advanced evasion techniques to get on and stay on victims' PCs," explains PC Tools Chief Threat Officer Kurt Baumgartner.

"What we are seeing with these latest attacks are typical social engineering emails telling recipients they have received an e-card from a friend, loved-one or colleague then enticing the user to click a link to view the card. Once the link is clicked a wave of malware is unleashed by taking the victim to a webpage that exploits their browser and infects the PC without any additional action required," explains Baumgartner.

"Consumers are naked against this new plague of zero-minute attacks. We are talking about new exploits, in large volumes, sometimes every 30 seconds. This next generation of malware requires automated computer systems to combat large volumes of malware as human manpower is simply not enough.

"With thousands of malware threats being released every day, or even every minute, how can products which are solely reliant on signature-based solutions detect rapidly changing exploits? They can’t, the only solution is behavioural-based protection – such as those being developed by PC Tools’ advanced research team," said Baumgartner.

“This is what has brought us into the era of Malware 2.0. Without an automated response present signature-based solutions cannot handle the job.”

Baumgartner explains, “Traditional anti-virus products are unable to decrypt, analyse and effectively distribute signatures for thousands of undetected and rapidly changing malware binaries in this extremely small window of time. Their scanners are ineffective against the newest variants at the moment of infection and by the time the signatures catch-up it’s too late.”

“The e-card threats not only collect email addresses to be used for sending SPAM but current variants are installing rootkits – which hide themselves and unknowingly change the function and performance of the victims’ computers.”

Baumgartner further explains, “Technically, the current variants are installing rootkits that run hidden processes and add the victim’s computer to a large peer-to-peer (P2P)1 network that not only will link it to a large spam producing botnet2, but will slow computer performance.

“Furthermore, these e-card threats are also designed to kill popular anti-virus products when it detects them starting, ensuring a persistent bot-enabled system once the malware is installed and the system rebooted. The threats also leave the system exposed to possible back-door and remote exploits, meaning all the data on the machine is being put at risk.”

Baumgartner cautions these new Malware 2.0 threats are infecting computers on a global scale.

PC Tools has posted a detailed technical analysis, generated by their automated threat analysis system Threat Expert, of the latest Storm variant. The report can be viewed online at http://www.pctools.com/threat-expert/sample/report/storm/.

No comments: