That does not mean that the more widely broadcast attacks are disappearing. To get their malware past antivirus engines, some hackers are employing what Commtouch Software calls "polymorphic distribution patterns." That's a polysyllabic way of saying that hackers are generating a large number of distinct variants of a worm or virus and releasing them in short, intense bursts. This creates many zero-day exploits, increasing the chances of getting them past defenses before new signatures can be developed.
During the peak early in the quarter, the Storm/Nuwar malware released over 7,000 variants in a single day, Commtouch reported.
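The pattern described above is easier to see in gateway data than in any single sample: the same lure arrives many times in a short window, but each copy carries a different attachment hash, so a hash-based blocklist only ever catches the first variant. The script below is an added example, not part of the GCN article or anything Commtouch published; it runs over a constructed mail-gateway log (timestamp, subject, attachment name, shortened attachment hash) and flags a subject line whose attachments show at least `threshold` distinct hashes inside a sliding window, alongside a count of how much of the traffic a static hash list would have caught. The log format, the subject lines and the hashes are assumptions made for the example.

```python
"""Spot a burst of distinct attachment variants behind one lure (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample gateway log, not real data.
# Fields: timestamp | subject | attachment name | attachment hash (shortened)
SAMPLE_LOG = """\
2007-03-05T08:00:00Z|First nuclear act of terrorism!|video.exe|h1
2007-03-05T08:04:00Z|First nuclear act of terrorism!|video.exe|h2
2007-03-05T08:09:00Z|First nuclear act of terrorism!|video.exe|h3
2007-03-05T08:15:00Z|First nuclear act of terrorism!|video.exe|h4
2007-03-05T08:20:00Z|First nuclear act of terrorism!|video.exe|h5
2007-03-05T09:00:00Z|Quarterly budget|budget.doc|hb
2007-03-05T11:30:00Z|Quarterly budget|budget.doc|hb
2007-03-05T14:00:00Z|Quarterly budget|budget.doc|hb
2007-03-05T10:00:00Z|a bouquet of love|card.exe|hc1
2007-03-05T13:00:00Z|a bouquet of love|card.exe|hc2
"""


def parse_log(text):
    """Return a list of (timestamp, subject, attachment, digest) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, subject, name, digest = line.split("|")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), subject, name, digest))
    return events


def find_variant_bursts(events, window=timedelta(hours=1), threshold=3):
    """Map each subject to the largest number of distinct attachment hashes
    seen within any `window`, keeping only subjects that reach `threshold`.
    A high count means the same lure is being re-armed with fresh variants,
    which is exactly the traffic a per-hash signature cannot keep up with."""
    by_subject = defaultdict(list)
    for ts, subject, _name, digest in events:
        by_subject[subject].append((ts, digest))

    alerts = {}
    for subject, items in by_subject.items():
        items.sort()  # sort by timestamp so the sliding window is monotonic
        best, start = 0, 0
        for end in range(len(items)):
            # Advance the window start until the window fits within `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            distinct = len({d for _, d in items[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            alerts[subject] = best
    return alerts


def exact_hash_coverage(events, known_hashes):
    """Return (caught, total): how many events a static hash blocklist
    would have stopped. Against a variant burst this stays close to one
    hit per signature, however fast the list is updated."""
    caught = sum(1 for _ts, _s, _n, digest in events if digest in known_hashes)
    return caught, len(events)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("variant bursts:", find_variant_bursts(evs))
    print("hash blocklist coverage:", exact_hash_coverage(evs, {"h1", "hb"}))
```

On the constructed log only the "nuclear" lure trips the rule (five hashes in twenty minutes), while the budget mail, which repeats a single hash, and the Valentine lure, whose two variants are hours apart, stay below the threshold. The coverage figure is the practical lesson: a blocklist holding one of the five variant hashes plus the budget hash stops four of ten messages, and every new variant drops that ratio further, which is why a rule keyed on the behaviour (many hashes, one lure, short window) is a better complement to signatures than a faster signature feed.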
Instant-messaging and peer-to-peer networks also continue to be attractive vectors for malware. Akonix Systems reported 38 distinct new attacks on IM networks in April, the first monthly increase in the number of new IM attacks this year. Attacks on peer-to-peer networks such as Kazaa and eDonkey were also up, with 36 new attacks identified last month. Because IM and P2P often operate outside an enterprise's accepted-use policy, these applications can provide undefended rogue connections that can be exploited by attackers.
Social engineering remains a popular tool for slipping past defenses. Commtouch reported subject lines on malicious e-mail such as "First nuclear act of terrorism!" to entice the unwitting recipient to open and click. If sensationalism isn't your cup of tea, there is always the more tender "a bouquet of love," popular around Valentine's Day. Hey, if it worked with the "I love you" virus, why not give it another shot?
The targeted, single-recipient e-mail is another form of social engineering. Although the volume of these is necessarily low, the rewards are potentially greater. A carefully tailored e-mail has a better chance of getting the intended recipient's attention, is harder for filters to spot and block, and the targeted network is likely to contain data worth stealing.
MessageLabs also found that the favored tool for delivering the malicious code in targeted e-mails has shifted recently. Microsoft PowerPoint files were the most common vector for delivering code in March, edging out MS Word, with 45 percent of infected attachments being .ppt files. Malicious attachments with .doc files accounted for 35 percent of the payloads, and .exe files were only 15 percent. This spike in the use of PowerPoint could be an anomaly. It apparently was driven by a single gang with an IP address in Taiwan that used the same attack file repeatedly because it had not been identified and blocked by antivirus companies.
But, anomaly or not, the increasing use of PowerPoint to deliver malware to government recipients could have unintended beneficial consequences. Just imagine the burst of productivity in government offices if agencies banned the use of PowerPoint. I know it is not likely to happen, but we can dream.
http://www.gcn.com/online/vol1_no1/44317-1.html