'Storm Worm' surge exposes AV deficiencies


The crime ring behind the latest Storm Worm-related malware attack (Techmeme discussion) is using new tactics to slip malicious executables past anti-virus defenses, serving up another black eye to an industry that already uses questionable tactics to find new customers.

Arbor Networks researcher Jose Nazario flagged the poor anti-virus detections of the Storm Worm Trojan in a blog entry that noted the use of password-protected ZIP files to hide .EXE attachments.

Anti-virus software will stop .EXE attachments and, in some scenarios, will even strip ZIP files from incoming e-mails. However, in this case, when the .EXEs were being spammed inside password-protected ZIP files, fully updated anti-virus software failed to nab the malicious files.
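One gateway-side check the trick above suggests, as an added example that is not part of the article: ZIP entry names and the per-entry "encrypted" flag live in the central directory, which is never encrypted, so an attachment can be held or quarantined for hiding an .EXE without knowing the password. The extension list, verdict names and the hand-built sample archive are assumptions for this example.

```python
import io
import os
import struct
import zipfile
import zlib

# Extensions a mail gateway should never let through inside an archive
# (assumption for this example; tune to your environment).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def inspect_zip_attachment(data: bytes) -> dict:
    """Classify a ZIP attachment using only its central directory.

    Entry names and general-purpose flag bit 0 ("entry is encrypted") are
    stored in the clear even in a password-protected archive, so the gateway
    can see an .EXE hidden inside without ever decrypting the payload.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"verdict": "reject", "reason": "not a valid ZIP archive"}
    encrypted, executables = [], []
    for info in archive.infolist():
        if info.flag_bits & 0x1:
            encrypted.append(info.filename)
        if os.path.splitext(info.filename)[1].lower() in EXECUTABLE_EXTENSIONS:
            executables.append(info.filename)
    if executables:
        return {"verdict": "quarantine",
                "reason": "executable inside archive: " + ", ".join(executables)}
    if encrypted:
        return {"verdict": "hold",
                "reason": "encrypted entries cannot be scanned: " + ", ".join(encrypted)}
    return {"verdict": "scan", "reason": "plain archive, hand it to the AV engine"}


def build_sample_zip(name: str, payload: bytes, encrypted: bool) -> bytes:
    """Constructed fixture: a one-entry STORED ZIP, optionally with the
    encrypted flag set. The payload is a stand-in, not real ZipCrypto data."""
    flag, crc, nb = (0x1 if encrypted else 0), zlib.crc32(payload), name.encode()
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flag, 0, 0, 0x21,
                        crc, len(payload), len(payload), len(nb), 0) + nb + payload
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flag, 0, 0,
                          0x21, crc, len(payload), len(payload), len(nb),
                          0, 0, 0, 0, 0, 0) + nb
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


if __name__ == "__main__":
    for name, enc in (("invoice.exe", True), ("notes.txt", True), ("report.pdf", False)):
        print(name, inspect_zip_attachment(build_sample_zip(name, b"MZ\x90\x00", enc)))
```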

At the height of the spam run, several new payloads and tactics were being used, further exposing the inability of anti-virus software to react swiftly to emerging threats.

Standalone, signature-based anti-virus protection is dead, replaced by an anti-everything approach that includes heuristics, behavior-blocking and herd intelligence. But during every malware outbreak, the thing that always stands out is the poor detection rate, even from the big boys (Symantec, McAfee and Trend Micro).

I spent the last month on a project that looked at detection rates and response times of several big-name consumer anti-virus programs and was blown away by the ridiculously poor performance around heuristic detections.  The best performing product captured less than 80 percent of unknown malware samples.  At best, they were missing one-fifth of the most virulent virus variants.

Desktop software protection is a necessity, especially for consumers with poor computer usage habits.  But, despite glowing press releases boasting about new zero-day protection technologies, anti-virus software still can't keep pace with variants of old malware samples.

Storm Worm is just another example of this.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
