New turn in old war on macro viruses
On Friday, anti-virus firm
"That is why the success rate is so high."
The first macro virus -- WM/Concept.A -- appeared in 1995, took 2 weeks to find its way onto the list of the most frequent viruses and stayed on the list for almost 18 months.
In the past two years, more than 500 different viruses (not variants) have appeared. Of those, 87 percent were macro viruses, according to Bruce Burrell, anti-virus team leader for the University of Michigan, who found that in most cases, anti-virus firms protect against viruses before the digital antigens make it onto the Internet.
In an escalating war of wits against a savvy and aggressive contingent of hackers, Symantec believes it has found a leg up.
The virus definitions need to be constantly updated and, as a result, anti-virus firms are locked into an arms race with virus writers.
The method harks back to the behavioral filters used in the past by anti-virus software makers, which would block any access to specific functions not sanctioned by the user.
At the Black Hat Security conference in July, A. Padgett Peterson, corporate information security officer for Lockheed Martin Enterprises Information Systems, presented a short list of such Windows Script functions that could be blocked to prevent attacks such as Melissa and LoveLetter.
There is a weakness to the defense, said consultant Fitzgerald.
Yet, in the end, keeping up with changes in scripting services could be far easier than keeping track of the more than 50,000 virus variants in the wild today.