Everyday malware is everyday criminals

Summary: Forget about Stuxnet, advanced persistent threats (APTs) and zero-day threats, says leading malware researcher Alex Kirk. Worry instead about everyday crimeware.

Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT). The team captures more than a terabyte of real-world internet traffic with their honeypot network every day.

Their analysis shows that the high-profile, exotic threats are small in number. The vast majority of threats are much simpler — to the point where some malware even identifies itself as such.

"It's astounding how much crud there is out there in terms of just people that don't have a clue what they're doing," Kirk told this week's Patch Monday podcast.

By analysing the original file names of around 30 million pieces of malware in the Sourcefire VRT database, Kirk identified some simple rules of thumb.

"I've always told friends, 'Don't ever touch a RAR file, it's just full of malware'," he said. "Actually, about 11 per cent of what was in that database is RAR files."

Kirk is presenting more of his research results at the sold-out Ruxcon information security conference in Melbourne this coming weekend.

Patch Monday is posted on Tuesday this week because, ironically, I was busy rebuilding a colleague's website after it had been infected by malware. It delivered the website as usual to regular web browsers, but Google's search indexing robots were served a site filled with links to fake pharmaceuticals sites, boosting their search rankings.
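The website compromise described above serves one page to browsers and another to search-engine crawlers. The following is an added example, not code from the podcast or its author, of a defender-side check for that kind of User-Agent cloaking: fetch the same URL twice, once with a browser User-Agent and once with the documented Googlebot User-Agent, and report off-site links that appear only in the crawler's copy. The sample HTML responses are constructed here to keep the check runnable offline; the hostnames in them are placeholders.

```python
"""Spot User-Agent cloaking: compare the page a browser receives with the
page a search crawler receives and list links present only in the latter."""
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urlparse

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; rv:120.0) Gecko/20100101 Firefox/120.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


class LinkCollector(HTMLParser):
    """Collect every href from <a> tags, including ones hidden by CSS."""
    def __init__(self):
        super().__init__()
        self.hrefs = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.add(value)


def extract_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return collector.hrefs


def cloaked_links(browser_html, crawler_html, site_host):
    """Return off-site hrefs that only show up in the crawler's copy of the page."""
    crawler_only = extract_links(crawler_html) - extract_links(browser_html)
    return sorted(h for h in crawler_only
                  if urlparse(h).netloc and urlparse(h).netloc != site_host)


def fetch_as(url, user_agent, timeout=10):
    """Fetch a URL with a chosen User-Agent header (used for live checks only)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample responses standing in for the two fetches (not real captures).
BROWSER_VIEW = """<html><body><h1>Welcome</h1>
<a href="/about">About</a> <a href="https://example.org/contact">Contact</a>
</body></html>"""
CRAWLER_VIEW = """<html><body><h1>Welcome</h1>
<a href="/about">About</a> <a href="https://example.org/contact">Contact</a>
<div style="display:none"><a href="http://pharma.example.net/buy">cheap pills</a>
<a href="http://pills.example.com/order">order now</a></div></body></html>"""

if __name__ == "__main__":
    for href in cloaked_links(BROWSER_VIEW, CRAWLER_VIEW, "example.org"):
        print("crawler-only link:", href)
```

A clean result does not prove the site is clean: some cloaking keys on the crawler's source IP or reverse DNS rather than the User-Agent, so compare against Google Search Console's own rendering of the page as well.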

To leave an audio comment on the program, Skype to stilgherrian or call (02) 8011 3733.

Running time: 22 minutes, 27 seconds

Topics: Security

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr...
