Firms Struggle Against Web Viruses
Thursday, March 20, 2008
The number of malicious software programs vying to take up residence on unsuspecting computer users' hard drives has quadrupled in the past two years, according to security experts.
The growth has set off alarms at security firms, which say that identifying viruses has become more time-consuming and expensive.
About 5.5 million malicious software programs were unleashed on the Web last year, according to AV Test Labs, a German company that measures how quickly and accurately antivirus products detect malicious software, also known as malware. That number has increased by four times since 2006 and by at least 15 times since 2005, according to the company. In the first two months of 2008, AV Test found more than 1 million samples of malware spreading online.
"Back in 1990 we were seeing a handful of new viruses each week," said David Perry, global director of education for Trend Micro, an antivirus company in Japan. "Now, we're having to analyze between 2,000 and 3,000 new viruses per hour."
Much of the malware harvests financial and personal data, which is sold to groups that turn the information into cash through identity fraud. Cyber criminals also use infected machines to anonymously attack others, relay junk e-mail or host fraudulent Web sites advertised through spam.
The proliferation of viruses and other malware has forced the antivirus industry to change how it writes software and to make its products far more powerful and sophisticated.
The challenge, security experts say, is that criminal groups responsible for manufacturing most of the malicious software are investing profits in research and recruiting talented computer programmers. A special emphasis is placed on creating malware that exists peacefully with infected computer systems, doing its work quietly in the background.
"A lot of these shops are now hiring professionals and doing quality assurance work, things that generally make the job of the antivirus researcher that much harder," said Randy Abrams, director of technical education at ESET, an antivirus company in Slovakia.
Malware writers are increasingly taking steps to ensure that computers infected with their creations stay infected, according to security researchers. In the past, no matter how quickly an antivirus product shipped updates to detect the most recent malware, most antivirus software would eventually sound the alarm if a virus managed to slip past its initial defenses.
But more of today's cyber criminals are continuously updating the malware they have managed to install on victims' computers, replacing older malicious files with new ones to keep them hidden.
Sunbelt Software, a software security company in Clearwater, Fla., recently added more than 50 servers to its malware analysis center to lighten the load of a lab straining under the daily deluge of new virus samples.
"We've had to bring in a great deal more hardware and come up with tons of different new detection methods just to deal with the incoming malware load in the past year," said the firm's president, Alex Eckelberry.
For many users, some of the most tenacious intruders cannot easily be removed without reinstalling operating systems. Reinstalling isn't such a huge hassle for business, which tend to keep user-generated data files in separate digital storage.
"A lot of today's infections are extremely difficult for the average user to remove completely," said Don Jackson, senior security researcher for SecureWorks, an Atlanta security firm. "You can see the evidence of that by number of people desperately posting to various security self-help sites."
Experts say PC users shouldn't depend on antivirus software to save them from risky online behavior, such as clicking on Web links in unsolicited e-mail and instant messages. Rather, they say, antivirus should be part of a layered security approach that includes using a firewall to keep out unwanted Internet traffic and applying software updates for Microsoft Windows and third-party software -- particularly popular programs used to display documents or play audio and video files.