Dark Reading: Automated Malware Analysis Under Attack

/Home/Internet Security: Articles/Internet Security: Dark Reading/Dark Reading: Vulnerabilities & Threats

Malware writers go low-tech in their latest attempt to escape detection, waiting for human input -- a mouse click -- before running their code

Dec 20, 2012
By Robert Lemos

The world suddenly changed for antivirus companies in 2004.

During the previous two years, malware writers had kept up a steady stream -- a trickle, in retrospect -- of viruses, Trojan horses, and worms. Security firm Symantec, for example, added approximately 20,000 new signatures each year to its Norton antivirus software to keep up with the malware flow. But in 2004, the number of new malware variants skyrocketed, forcing Symantec to add 75,000 signatures that year, 169,000 signatures in 2006, and 1.7 million signatures in 2008. This year, its software carries 21.5 million signatures, according to the firm's latest data.

Without automating the analysis of pernicious programs, antivirus firms would be overwhelmed.

But increasingly, malware writers are finding ways to attack antivirus firms' ability to cope with the flood of malicious binaries, and that could stress the entire system for triaging and analyzing malware.

Click the URL above to read the full article