'Security suite alone cannot prevent malware infection'

Sharath Kumar
According to our latest study at eScan, malware is said to be a growing epidemic that cannot be washed out but can only be curbed. Controlled by a chain of cybercriminals, its growth is indefinite in the digital world.

In all practicality, preventing this community or industry (which it is slowly turning into) from growing is clearly impossible. Why? Hackers and malicious coders are becoming highly successful in covering their digital tracks, making it very difficult for cyber sleuths to track and analyze their online movement. Malicious coders have also grown in complexity such that their digitized presence can go undetected by the user, irrespective of whether a security suite is installed. The likelihood of a security suite failing to detect the presence of malware is relatively low, but what we as users must understand is that a security suite alone cannot prevent malware from infecting a system. The user himself plays as big a role as the installed security suite. While an anti-virus product will prevent an infection 99 per cent of the time, there is always that 1 per cent window of opportunity for hackers.

And this 1 per cent comes in the form of users, patches, updates, etc. Email has always been the attackers' channel of choice for infecting a target. However, with technology progressing and with the growing number of malware-related tools, this trend is seeing a rapid change. Email-based malware will certainly continue; however, we will see this method decrease over time, giving way to real-time attacks. We will see a rise in malicious web applications, which have more than proved to be advantageous for an attacker. Moreover, recent incidents go to prove that hackers have been highly successful in evading traditional anti-virus signatures.

There are a number of reasons for traditional anti-virus to fail when it comes to detecting web-based malware. We need to realize that the internet is home to a multitude of web-based applications, all of which are rendered in real time within a browser. So it would be right to say that an anti-virus is only as effective as its virus database, be it based on a cloud server or signature based. Web-based malware is not only highly adaptable to its host environment but also polymorphic in nature, which basically means that the malware can effectively be re-encoded remotely, making it difficult to detect. With that being said, the likelihood of getting infected is linked, but not limited, to the sites the user visits. Hacked and redirected links which further spawn drive-by-downloads have also seen an increase of over 20% in the last 2 months.

Going by the samples captured by eScan, web-based malware leads the malware pack both in terms of detected malware and undetected malware. PHP, HTML & EXE made up 82 percent of the detected malware, while MP3, CSS and PNG summed to less than 1 percent. This just goes to show that malicious HTML and scripts are going to be the area of choice for hackers when it comes to spreading malware.

Social networks have also had a lot to add in terms of distribution of malware. Take the instance of the circulating Facebook banner which promised to change the color of the page to red, blue, yellow, etc. It was, however, detected to be a survey scam rather than a malware-related issue. Here, your identity is stolen and then used or sold for profit to various online organizations.

As of February 2013, Malware stands at a high of 44.85 percent followed by Russia, Germany and China at 22.36%, 9.95% and 4.67% respectively. The top 10 viruses for the month stand as Ramnit, Sality, Autostart, Virut and Conficker.

Taking these threats into consideration, we shall also see a rise in malicious activity along with the distribution of malware, which is definitely not going to slow down in the coming months. Malware awareness is therefore a necessity that online users need to initiate. And this awareness should not be limited to laptops and PCs but should extend to all devices that make use of the Internet.

(The author is MD & CEO, eScan)