Forget about Stuxnet, advanced persistent threats (APTs) and zero-day threats, says leading malware researcher Alex Kirk. Worry instead about everyday crimeware.
Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT). The team captures more than a terabyte of real-world internet traffic with their honeypot network every day.
Their analysis shows that the high-profile, exotic threats are small in number. The vast majority of threats are much simpler — to the point where some malware even identifies itself as such.
"It's astounding how much crud there is out there in terms of just people that don't have a clue what they're doing," Kirk told this week's Patch Monday podcast.
By analysing the original file names of around 30 million pieces of malware in the Sourcefire VRT database, Kirk identified some simple rules of thumb.
"I've always told friends, 'Don't ever touch a RAR file, it's just full of malware'," he said. "Actually, about 11 per cent of what was in that database is RAR files."
Kirk is presenting more of his research results at the sold-out Ruxcon information security conference in Melbourne this coming weekend.
Patch Monday is posted on Tuesday this week because, ironically, I was busy rebuilding a colleague's website after it had been infected by malware. It delivered the website as usual to regular web browsers, but Google's search indexing robots were served a site filled with links to fake pharmaceutical sites, boosting their search rankings.
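The cloaking described above (clean page for browsers, spam-stuffed page for Googlebot) is easy to miss by browsing the site yourself. The following Python script is an added example, not code from the article or from Sourcefire; it fetches a URL twice, once with a browser User-Agent and once with Googlebot's, and reports the outbound link hosts that only the crawler is shown. The User-Agent strings, the `.invalid` hostnames and the sample HTML are constructed for the example so the comparison can be run offline.

```python
"""Detect user-agent cloaking by diffing the outbound links a site shows a
browser against those it shows Google's crawler.

Added example, not from the Patch Monday article. Network fetching is only
needed for check_url(); the comparison itself works on any two HTML strings.
"""
import sys
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Assumed User-Agent strings: one ordinary browser, one matching what a
# Googlebot-keyed cloaking script typically looks for in HTTP_USER_AGENT.
BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/120.0 Safari/537.36")
GOOGLEBOT_UA = ("Mozilla/5.0 (compatible; Googlebot/2.1; "
                "+http://www.google.com/bot.html)")


class _LinkCollector(HTMLParser):
    """Collect every href on <a> tags, including ones hidden by CSS."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def external_hosts(html, site_host):
    """Return the set of hosts linked from `html` other than the site itself.
    Relative links (no netloc) are internal and ignored."""
    parser = _LinkCollector()
    parser.feed(html)
    hosts = set()
    for href in parser.hrefs:
        host = urlparse(href).netloc.lower()
        if host and host != site_host.lower():
            hosts.add(host)
    return hosts


def crawler_only_hosts(browser_html, bot_html, site_host):
    """Hosts the crawler is linked to but a browser never sees: the
    signature of SEO-spam cloaking on a compromised site."""
    return external_hosts(bot_html, site_host) - external_hosts(browser_html, site_host)


def fetch(url, user_agent, timeout=10):
    """Fetch `url` presenting the given User-Agent (real network access)."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def check_url(url):
    """Fetch `url` as a browser and as Googlebot and diff the link hosts."""
    host = urlparse(url).netloc
    return crawler_only_hosts(fetch(url, BROWSER_UA), fetch(url, GOOGLEBOT_UA), host)


# Constructed sample: what a browser sees versus what the crawler is served.
SAMPLE_SITE = "example.com"
SAMPLE_BROWSER_HTML = """<html><body>
<h1>Welcome</h1>
<a href="/about">About</a>
<a href="https://www.wikipedia.org/">Wikipedia</a>
</body></html>"""
SAMPLE_BOT_HTML = """<html><body>
<h1>Welcome</h1>
<a href="/about">About</a>
<a href="https://www.wikipedia.org/">Wikipedia</a>
<div style="display:none">
<a href="http://cheap-pills.invalid/viagra">buy viagra</a>
<a href="http://rx-deals.invalid/cialis">cialis online</a>
</div>
</body></html>"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        suspects = check_url(sys.argv[1])
    else:
        suspects = crawler_only_hosts(SAMPLE_BROWSER_HTML, SAMPLE_BOT_HTML, SAMPLE_SITE)
    for host in sorted(suspects):
        print("crawler-only link host:", host)
```

Run it with a URL to test a live site, or with no arguments to see the result on the constructed sample. Two caveats for real use: some cloaking keys on Googlebot's source IP ranges rather than the User-Agent, so a clean result from this check does not clear a site, and the injected links are usually hidden with CSS or placed in a file that only `include`s itself for crawler requests, so the file-level cleanup still has to find the injected code on the server.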
To leave an audio comment on the program, Skype to stilgherrian or call (02) 8011 3733.
Running time: 22 minutes, 27 seconds