Code mutation, fragmentation and concealment: Hacker techniques to watch

I have been following the recent buzz about new hacker techniques, including code mutation, code fragmentation and code concealment through rootkits. What recommendations can I make to customers concerned with these new hacking methods?

The three techniques you mention, code mutation, code fragmentation and code concealment through rootkits, are among the latest evolutions in malicious code generation. All are designed to make the virus or rootkit harder to detect, and they take the concept of the polymorphic virus one step further.

These programs are designed to stay undetected on an infected system for as long as possible. Some malware authors use "packers" to compress and encrypt the malicious body, so that the bytes on disk no longer match any known signature.

Others vary the routine that decrypts the code, producing a virtually unlimited number of mutations, as the Trojan Swizzor did recently.

Swizzor repacked itself once a minute to get past signature-based tools, which work only if they know precisely what to block. Swizzor also recompiled itself once every hour.
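The following is an added example, not code from the article or from Swizzor: a toy packer that wraps a constructed stand-in payload with a fresh random key on every run, next to two ways of scanning the result. The plain-text "payload", the header marker TPK1, the byte-pattern signature and the function names are all assumptions made for illustration. It shows why a byte signature (or a file hash) that matches the unpacked body stops matching every repacked copy, and why a scanner has to either unpack the sample before matching or flag the unusually high entropy of the packed body.

```python
"""Toy packer versus signature scanning (constructed demonstration)."""
import hashlib
import math
import os
import struct
from typing import Optional

MAGIC = b"TPK1"   # hypothetical packer header marker
KEY_LEN = 16

# Constructed stand-in for a malicious body: plain text, not real malware.
PAYLOAD = (b"CONSTRUCTED-SAMPLE-PAYLOAD: open a backdoor on tcp/4444, "
           b"beacon to c2.example every 60 seconds, hide the process "
           b"from the task list and survive a reboot")

# The kind of byte pattern a simple signature scanner would ship for it.
SIGNATURE = b"open a backdoor on tcp/4444"


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a deterministic, random-looking XOR mask."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def pack(payload: bytes, key: Optional[bytes] = None) -> bytes:
    """Wrap payload as MAGIC | key | length | XOR-masked body.

    With no key given a fresh random one is drawn, so every call produces
    a different file with a different hash, as a repacking Trojan would.
    """
    if key is None:
        key = os.urandom(KEY_LEN)
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    body = bytes(p ^ k for p, k in zip(payload, _keystream(key, len(payload))))
    return MAGIC + key + struct.pack(">I", len(payload)) + body


def unpack(blob: bytes) -> bytes:
    """Reverse pack(); this is what an emulating scanner has to do."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a packed sample")
    key = blob[4:4 + KEY_LEN]
    (length,) = struct.unpack(">I", blob[4 + KEY_LEN:8 + KEY_LEN])
    body = blob[8 + KEY_LEN:8 + KEY_LEN + length]
    if len(body) != length:
        raise ValueError("truncated sample")
    return bytes(b ^ k for b, k in zip(body, _keystream(key, length)))


def signature_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """The whole of a naive signature scanner: exact byte-pattern search."""
    return signature in sample


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain text sits around 4-5, packed bodies near 7-8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan(sample: bytes, signature: bytes = SIGNATURE,
         entropy_threshold: float = 6.0) -> dict:
    """Static signature check, entropy heuristic, and unpack-then-match."""
    result = {
        "sha256": hashlib.sha256(sample).hexdigest(),
        "static_hit": signature_match(sample, signature),
        "entropy": shannon_entropy(sample),
        "packed": sample.startswith(MAGIC),
        "unpacked_hit": False,
    }
    if result["packed"]:
        result["unpacked_hit"] = signature_match(unpack(sample), signature)
    result["suspicious"] = (result["static_hit"] or result["unpacked_hit"]
                            or result["entropy"] >= entropy_threshold)
    return result


if __name__ == "__main__":
    samples = (("plain", PAYLOAD), ("packed #1", pack(PAYLOAD)),
               ("packed #2", pack(PAYLOAD)))
    for name, sample in samples:
        r = scan(sample)
        print(f"{name:10s} sha256={r['sha256'][:16]}... static={r['static_hit']} "
              f"unpacked={r['unpacked_hit']} entropy={r['entropy']:.2f}")
```

Run it twice and the two packed copies differ in every body byte and in their hash, while unpack() recovers the identical payload each time; a real packer hides the key and decoder inside code rather than a fixed header, which is why production scanners emulate the decoder rather than parse it.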

Zero-day attacks using well-concealed Trojans present a serious challenge to the security professional. It is therefore important to rely on a security product, or group of products, whose vendor really stays on top of current threats and vulnerabilities, and whose detection does not depend solely on knowing the exact bytes of each sample.

Of course, all of the usual steps your customers take to prevent any type of malware still need to be taken, and may help block some of these attacks.

This was first published in January 2007