Malware enters the mainstream
For years, conventional thinking said that viruses were platform specific and only affected executable files. In 1996, a proof-of-concept Word macro virus was released by an unknown individual. Although the original proof-of-concept was benign, the important point is that the work of a single individual changed the face of computer security. The virus scene quickly latched onto this concept and began developing malicious code. Still, anti-virus researchers were up to the task. Anti-virus scanners now had to scan both documents and executables, but the same principles of detection still applied. Better yet, throughout this evolution of computer viruses from stealth to polymorphism to macro viruses, the solution was easy: ThunderByte Anti-Virus, $29. When any new virus was released in the wild, you could count on the team at ThunderByte to quickly update their software to protect your system.
Like the original self-mutation engine or the advent of the macro virus, each new innovation in the virus scene continued to raise the stakes. As viruses grew in sophistication, the number of software engineers with expertise in virus detection grew smaller and smaller. Anti-virus companies began to merge or to snatch key engineers from competing companies. It wasn’t a scene… it was an arms race.
The Losing Battle
That was the ’90s. Innovations were driven by single individuals, motivated primarily by the thrill of the chase and the ability to “take on” the world’s most elite software engineers. In 2007, things are different. The world revolves around computers, and the always-on world of the Internet is rapidly changing the face of computer security. E-commerce has brought organized crime to the world of computer security, and a virus released into the wild can spread quickly before anti-virus researchers have an opportunity to develop new detection strategies. Organized crime has moved the distribution of malware from seedy websites and sources to organized hacks against mainstream websites such as ASUS or the Dolphin Stadium website for Super Bowl XLI. While it was once acceptable for users to wait for monthly virus signature updates, viruses can now spread across the globe within minutes. As foreshadowed by the expansion from executable viruses to macro viruses, the range of threats in today’s world has increased substantially. We now have cross-platform viruses that infect both Windows and Linux.
The bigger problem is that we’re no longer dealing with viruses anymore. A virus is designed to infect multiple files within a single computer and spread through human-to-human contact (i.e., someone emails you an infected file or hands you an infected disk). Without broadband, very few people kept their computers on 24/7. Nowadays, we’re worried about worms rather than viruses, or combination worm/viruses that spread over the network without user intervention. Some of these worms are able to spread over the network via zero-day vulnerabilities (weaknesses or exploits in the operating system itself), while others do simpler things like send out mass emails. We also have to worry about things like spyware, phishing/spoofing attacks and all sorts of general malware.
In a way, this is only the evolution of the virus scene. We are now seeing polymorphic variants of Windows malware and the increasing use of rootkits, which are nothing more than a new name for the stealth principle applied to the Windows world. In contrast, the number of elite software engineers focused on security research continues to dwindle. When was the last time you heard of the great security start-up?