With malware-infected programs and Web sites now being created at a higher rate than their legitimate counterparts, Symantec Corp. is predicting security vendors will shift toward a reputation-based approach to stopping hackers.
In a new report outlining its 2010 security predictions, released earlier this week, the company argued that the traditional approach to anti-virus software is insufficient to stop the variety of unique malware variants that have popped up over the last year. This means that it is no longer feasible to focus solely on analyzing malware.
Paul Wood, a senior analyst with Symantec’s MessageLabs division, said the high availability of Web attack tool kits has opened up the hacking industry to many new candidates who might not have otherwise had the technical abilities to make an attack.
And with many of these hackers using social engineering and obfuscation techniques to trick users into downloading their malicious apps, the ability of AV vendors to sort the good from the bad needs to be ramped up using a reputation-based approach.
“Reputation security looks at all software files, not just malicious ones,” Wood said.
“If you have your anti-virus software running on a number of machines in the world, those machines can contribute to your database of information regarding the software on those machines. You can then start to build a reputation knowledge base.”
For instance, if there’s a particular program that is in high circulation, Symantec would be able to give it a stamp of approval and more aggressively monitor programs that are building in popularity, he said.
This reputation-based technique is used by Google to rank news results through its search engine, as well as many anti-spam e-mail clients that measure the respectability of IP addresses.
One such technique designed to get around this are fast flux botnets, used by some spammers to hide phishing and malicious Web sites behind a constantly changing network of compromised IP addresses. Each of their malicious domains are given little “time to live,” which means security experts will rarely have the time to make a trace and identify where the attack is coming from.
These are just a few of about a dozen trends that Wood expects to play out over the next 12 months.
Many of the other predictions are fairly obvious ones, such as Windows 7 coming into attackers’ cross-hairs, Mac and mobile malware rapidly increasing, URL shortening services causing more harm than good, and the continued rise of instant messaging and social networking attacks.
The only positive security development that Symantec indicates in the report concerns the improvements made to CAPTCHA technology, a code often used on sign-up pages to ensure that the application is being generated by a human and not a bot.
With spammers finding the CAPTCHA codes increasingly difficult to break, many of them are hiring real people in countries like India to bypass the technology.
“They are paying somebody two or three dollars to register a thousand accounts and then selling them for 30 to 40 dollars,” Wood said. The spammers end up losing less than 10 per cent of their profits using this technique.
As hackers continue to improve their abilities to combat the CAPTCHA system with image and sound recognition technologies, this battle seems to be one that will continue well beyond 2010, Wood added.
Another trend to watch next year, Symantec said, is the increase of fake security software.
This is also an area that has been of particular interest to independent security consultant Brian O'Higgins, who said “rogue security software” is particularly crafty because it preys on a combination of fear and training.
"People have been trained to be concerned about security, and when a pop-up comes on that claims your machine is at risk, they are willing to install the software," said O'Higgins.
Moreover, advertisements for scareware find their way to reputable sites after the malware distributors have successfully worked around search engine optimizations, said O'Higgins.
But while some scareware actually does remove malware, said O'Higgins, they are created to be difficult to remove because they can't be uninstalled unless the user pays a removal fee.
- With files from Kathleen Lau