The following McAfee Labs articles come from the December issue of the SNS Journal.
- To see the full December issue, download the PDF.
- To see additional past issues, go to the SNS Community.
- To subscribe to the monthly SNS Journal, visit the SNS Subscription Center.
McAfee Labs Insights: Where Rootkits Roam
News from McAfee Labs
Seventy-five million malware hits are expected to affect computers worldwide by the end of December, making 2011 the busiest year in malware history. Behind this large number is believed to be the easy availability of crime packs, many with rootkit functionality, in the underground market.
The greatest cause for concern in the foreseeable future is expected to be the increasing use of sophisticated rootkits. Whatever their level of complexity, rootkits rely on stealth techniques, embedding themselves outside the operating system to evade current security solutions. Commonly used in targeted attacks, a major purpose of this type of malware is the theft of individual or corporate financial information.
Some malware families, like TDSS and new variants of ZeroAccess, use highly sophisticated rootkits that are difficult to detect while they are active and complicated to remove. Rootkits that modify the BIOS to gain and keep control of a system have been detected, making prevention paramount, as remediation may be impossible or very costly. But even the more typical rootkit, which operates by cloaking the activity of an information-stealing Trojan, can wreak havoc on an organization.
In the future, we are likely to see an increase in the use of rootkits and in their capabilities to avoid detection by traditional antivirus software. (Criminal developers are empowering their creations with ever-greater capabilities to bypass up-to-date antivirus applications.) In response, McAfee has developed DeepSAFE technology that operates beyond the operating system to detect and block advanced, hidden threats, such as stealth rootkits.
Foiling malware attacks in the future will involve shifting the focus of security from the operating system to hardware, the network, systems, applications, and databases.
CyberFacts: Travelling Worms
Things to look out for in cyberspace
During 2011 the volume of Android malware has been greater than that of any other mobile operating system:
- Android 63%
- Java ME 20%
- Symbian 7%
- BlackBerry 6%
- Others 4%
In the past, worms mostly hopped from one device to another. Today nearly all infections come from application markets/stores. There are many examples of recent Android malware. You can examine their descriptions at the McAfee Threat Library.