Threat of the Month: Malware

October 17, 2007
What is it?
Server-sidepolymorphic malware is unique permutations of similar malicious codelaunched via multiple infection sources in quick succession. It hasbecome the most popular email-borne malware type because it effectivelymanages to circumvent most existing anti-virus engines.

How does it work?
Itis circulated with slightly modified attributes to make it undetectableby signature- and behavior-based anti-virus and intrusion-detectiondefenses. This exploits the “real-time” vulnerability inherent intraditional anti-virus solutions, which must
propagate a solution for each variation.

Should I be worried?
Withan outbreak of server-side polymorphic malware, the hourly/daily volumeof unique variants is high and typically overwhelms traditionalanti-virus solutions. Because the number of samples per variant istypically low, it can be difficult to track them toanalyze/develop/propagate a response in time.

How can I prevent it?
Real-timeresponse is critical. Your solution should “block first and askquestions later,” examining active outbreaks and preventing them beforethey enter your network. If you depend on a system that propagatesresponses before acting, it may be too late.

Source: Commtouch
prestitial ad