Advanced Malware Detection

Malware threats have taken a whole new approach in the past few years. Studying some of them recently in the Digital Crimes Unit (DCU) of Microsoft in Seattle, our thoughts have been confirmed that we have now entered a new era of more sophisticated malware.

Ransomware like Crowti and Reveton, for example, take the users data ransom by encrypting it and not sharing the key until a significant amount of up to 1000 USD is paid in Bitcoins or some similar anonymous currency. Recovering from this kind of malware from a computer is difficult. Just removing the malware is not enough: this does not bring the data back.

Until recently, the most common measure to prevent a computer’s infection by malware was to install security software, from well known suppliers, such as McAfee, Norton, Trendmicro and Kaspersky.

With the recent Advanced Persistent Threats we have seen malware infecting servers, using administrator account and hiding the malware itself by encrypting it or storing it in hidden areas of the hard disk, where it will go undetected for a longer time. Actually the DCU has measured that the time lapse between installation and detection of the malware is on average 241 days.

A few of the practical measures one can take are the ones that you probably already know, including the standard care to be taken with the installation of any software, knowing the source and aspects of it. Any software should be downloaded from a trusted source website, using a secured (https / SSL) connection.

Through its close relationship with suppliers and law enforcement agencies, ICT Institute can obtain insights in the proliferation of malware by IP address and do a check on the presence of malware in your organization. Our experience teaches us that this may often yield surprising results. Not only in terms of the malware found, but also in the understanding the refined ways that this malware finds a ‘way in’ in the corporate network of the organization.

Image credit: Yuri Samoilov