What’s in that code?

The difference with today’s security threats, says Robert Pregnell, regional product marketing manager at Symantec is that the bad guys are after the data not the device. He says this shows in the increased professionalism and commercialisation of malicious code. “It is obvious there are some very sophisticated people out there and they are using automated tools to develop an increasing number of sophisticated attacks.”

Pregnell throws some alarming figures around. Just shy of half a million unique variants in the last six months, up from around 200,000 for the previous six months. How about the last six months of 2007 when we saw more than 11,000 cross site scripting attacks up from just 2000 in the six months prior? But it’s not just the sheer numbers, its the sophistication of the code that is changing, says Pregnell. Attacks that focus on various Web vulnerabilities; browsers, media players, XML and AJAX Web interactions are not only proliferating, they are capable of morphing to avoid detection.

Today’s crimeware writers are not trying to disrupt your computer, they are crafting stealthy code that can go unnoticed until it achieves its goal of getting your credit card details, online banking login or whatever highly specific target it is after.

“If you take a step back and take a look at the whole virus landscape. If you look at the past 10 or so years, almost two thirds of the malicious code threats that we know about today were created in 2007,” says Pregnell.

“It’s frightening stuff for computer users from consumer to enterprise. It’s also scary for signature-based security product vendors. Security labs are deluged and struggling to keep up with the number of new signatures required to protect against an overwhelming explosion of automated, polymorphic malware,” he says.

“The AV vendors are getting to the limit of their capacity to keep up and the bad guys know that.”