Malware re-birth a new threat?
Washington: Scientists have claimed that new breeds of malware could leave computer systems and even critical infrastructure defenseless to attack from cyber criminals or foreign governments.
An international team, led by Murray Brand, says that a theoretical attack strategy it calls a malware rebirthing botnet would render existing antivirus measures obsolete by using different kinds of malware in a coordinated strike.
The attacker would first use a worm to create a botnet of infected slave computers, then upload a honeypot programme to attract and capture other malware from the internet.
The captured malware would then be sent back to the attacker and altered in what Brand calls a rebirthing suite, improving its defences against antivirus programs with anti-analysis tools and tailoring them for the coming attack
before distributing them among the botnet.
The attacker now has an array of advanced, customized malware that are extremely difficult if not impossible for antivirus programs to detect that can be deployed against a target system from multiple angles.
"Recognition of malware is dependent upon an analyst having already analysed the behaviour of the malware and extracted an identifying signature," Dr Brand said.
If the new malware is significantly different to any known malware, antivirus software is unlikely to recognise the threat until the malware has disabled it, say the scientists.
Dr Brand says antivirus software is already struggling to keep up with the growing volume of malware rapidly appearing on the internet, more than 75 million by the end of 2011.
He says one third of malware in existence was created in the first 10 months of 2010 and new threats are often not properly identified for 48 days, with another 48 hours to program new definitions.
Dr Brand says the processing power needed to scan for and delete malware may soon outstrip capacity of most computers.
"At the other end of the spectrum, customised malicious software that does have a coordinated objective could be used to take over control of critical infrastructure or network operations in a very stealthy manner," he added.