Malware was once a technology relegated to Windows operating systems and low-end open-source programs; in 2012, however, it has evolved into malicious code that can literally take down a nuclear power plant (Stuxnet) or go undetected for years (Flame).
As malware continues to grow into a force to be reckoned with, we are forced to examine how the malicious technology is evolving and what it will look like well into the future.
In 2010, TechTarget writer Nick Lewis predicted malware would soon:
“Have the ability to configure full-management applications, improved toolkits and update mechanisms to incorporate zero-day attacks and customizations.”
Zero-Day Exploits and Cross-Platform Attacks
Fast forward to 2012, and we have already seen his predictions come true. In terms of zero-day attacks, Java has been the largest culprit in recent months. As ZDNet recently reported, a cross-platform piece of technology used to target Mac systems in the form of the “Flashback” virus has recently surfaced and focuses on Mac, PC and Linux systems. The new malware seeks out JavaScript because it is used across various platforms. Once the malware is able to exploit the system through Java, it sends information back to a server to receive a list of commands.
In many cases, update mechanisms have made fighting malware extremely difficult, as the programs typically communicate with a rover server or set of servers. As users attempt to search for new viruses that have been defined by their virus scan programs, the server communication between the malware and its host leads to “evasive” measures to avoid detection.
More Sophistication in Coding
In the past, the prevalence of Microsoft-based viruses typically meant finding a program that made specific calls it shouldn’t be making and then removing its files. In 2012, malware is evolving to the point where simple coding is no longer observed. In the case of Flame, thousands of computers were exploited because programmers got their hands on Microsoft license keys, which allowed them to trick systems into believing the software was completely legitimate and trusted by Microsoft. In other cases, programs have been crowdsourced, as groups of programmers have worked to create more sophisticated methods of attack.
Searching For Targets
It used to be that infecting a computer required downloading and opening certain email attachments. These days, however, a simple link to an infected site can infect your non-protected (and in some cases protected) computer. Consider phishing scams on Facebook, or personal messages on Twitter from someone you thought was your friend. Malware has learned to spread by “trusted” word of mouth, complex coding that auto-initiates controls, and more. As we enter 2013, we will likely see even more sophisticated methods of delivery.
How malware is evolving is a very important question that computer security experts will continue to ask as viruses become smarter and continue to spread on various pieces of connected technology.