Email-borne polymorphic malware triples
Polymorphic malware is rising sharply as security companies bicker over who offers the best protection.


Email-borne polymorphic malware tripled in September, raising fears over the worth of traditional anti-virus technologies.
The signature-shifting forms of malicious software accounted for 72 per cent of all email-delivered malware over the month, up from 18.5 per cent in August, Symantec.cloud data showed.
Some particularly nasty types of polymorphic malware have been in circulation over the past few years. Virut is one dangerous example, and it remained in Symantec's top 10 table for malware blocked at the endpoint in September.
W32.Sality is another, and it took the number one spot this month. Both strains are associated with botnet activity.
The biggest worry for IT departments over this kind of malware is its ability to change its encryption key. This means it can't be spotted by anti-virus products relying on signature-based detection systems.
"This is something that anti-virus technology can sometimes struggle with, and many will employ emulation techniques to allow the malware to partially run in a controlled sandbox environment," Paul Wood, senior intelligence analyst at Symantec.cloud, told IT Pro.
"The latest strains of malware identified in the Symantec Intelligence Report for September include mechanisms for changing the start-up code in almost every version of the malware, subtly changing the structure of the code and making it harder for emulators to recognise the code as malicious. Anti-virus technology cannot rely on signatures and heuristics alone."
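To make the point in the paragraphs above concrete, here is an added illustration that is not part of the original article and not Symantec's code. It builds a constructed, harmless "payload" (plain text, not executable code), re-keys it under a toy one-byte XOR so that every copy has a different hash and byte pattern, and then compares two detection approaches: a static signature taken from one copy, and a stand-in for the emulation Wood describes, which runs the copy's own decoding step and matches on what it would unpack. The container format, the key values and the `evaluate` helper are all assumptions made for this example.

```python
import hashlib

# Constructed stand-in for a malware body that never changes between
# variants. It is plain text, not code; only its bytes matter here.
PAYLOAD = b"CONSTRUCTED-SAMPLE: stands in for an unchanging malicious body"


def make_variant(key: int) -> bytes:
    """Toy 'polymorphic' copy: one key byte, then the body XOR-ed with it.
    Real samples also rewrite their start-up (decryptor) code, which is
    what the article says makes emulation harder; this toy only re-keys."""
    return bytes([key]) + bytes(b ^ key for b in PAYLOAD)


def signature_of(data: bytes) -> dict:
    """A static signature: the SHA-256 of the data plus a 16-byte pattern."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "pattern": data[:16]}


def signature_match(blob: bytes, sig: dict) -> bool:
    """Signature-based check: exact hash or byte-pattern hit on the blob as stored."""
    return hashlib.sha256(blob).hexdigest() == sig["sha256"] or sig["pattern"] in blob


def emulate_decode(blob: bytes) -> bytes:
    """Stand-in for an AV emulator: perform the blob's own decoding step
    (read the key, undo the XOR) to see what it would hold at run time."""
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def emulation_match(blob: bytes, body_sig: dict) -> bool:
    """Emulation-based check: match the signature against the decoded body."""
    return signature_match(emulate_decode(blob), body_sig)


def evaluate(keys) -> tuple:
    """Return (signature_hits, emulation_hits) over one variant per key.
    The static signature is taken from the first variant only, which is
    the situation a vendor is in after seeing a single sample."""
    variants = [make_variant(k) for k in keys]
    static_sig = signature_of(variants[0])
    body_sig = signature_of(PAYLOAD)
    signature_hits = sum(signature_match(v, static_sig) for v in variants)
    emulation_hits = sum(emulation_match(v, body_sig) for v in variants)
    return signature_hits, emulation_hits


if __name__ == "__main__":
    # Constructed key values; each produces a copy with a different hash.
    sig_hits, emu_hits = evaluate([0x5A, 0x3C, 0xA7, 0x11])
    print(f"variants: 4, signature hits: {sig_hits}, emulation hits: {emu_hits}")
```

Run as a script, the static signature catches only the copy it was derived from, while the emulated check catches every re-keyed copy because the unpacked body is identical. That gap is the practical reason the article gives for vendors adding emulation and, in Symantec's case, reputation data on top of signatures.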
There is something of a war of words going on in the security industry at the moment about the best protection for modern threats like polymorphic malware.
The old guard, including Symantec, have been accused of using old technologies to solve new problems. In particular, the use of database detection systems has been criticised.
Yet Symantec believes its cloud-based Insight technology is more than capable of helping block zero-day or polymorphic threats, even if it isn't truly real-time.
Insight looks at the "integrity of an executable based on knowledge of its reputation and distribution in the real-world," Wood said. Essentially, the technology still relies on past facts to determine the safety of a file, but it can get hold of those facts fairly quickly to make an assessment.
Some rivals, such as M86 Security, claim this isn't fast enough.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.