Threat of the Month: Malware

What is it?
Server-side polymorphic malware consists of unique permutations of similar malicious code launched via multiple infection sources in quick succession. It has become the most popular email-borne malware type because it effectively manages to circumvent most existing anti-virus engines.

How does it work?
It is circulated with slightly modified attributes to make it undetectable by signature- and behavior-based anti-virus and intrusion-detection defenses. This exploits the “real-time” vulnerability inherent in traditional anti-virus solutions, which must propagate a solution for each variation.

Should I be worried?
With an outbreak of server-side polymorphic malware, the hourly/daily volume of unique variants is high and typically overwhelms traditional anti-virus solutions. Because the number of samples per variant is typically low, it can be difficult to track them to analyze/develop/propagate a response in time.

How can I prevent it?
Real-time response is critical. Your solution should “block first and ask questions later,” examining active outbreaks and preventing them before they enter your network. If you depend on a system that propagates responses before acting, it may be too late.

Source: Commtouch
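
The outbreak pattern described above (many unique variants, few samples per variant) can be recognized at a mail gateway without waiting for a per-variant signature. The Python below is an added example, not from the article or from Commtouch; the event fields, the type-and-size "shape" feature, the thresholds and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed gateway events: (minute, attachment_name, size_bytes, content_hash).
# Hash values are short made-up placeholders, not real indicators.
EVENTS = [
    (0, "invoice_8841.zip", 48211, "h01"),
    (1, "invoice_1030.zip", 48340, "h02"),
    (1, "report.pdf", 210332, "h90"),
    (2, "invoice_5572.zip", 48102, "h03"),
    (3, "invoice_7719.zip", 48977, "h04"),
    (3, "report.pdf", 210332, "h90"),
    (4, "invoice_2205.zip", 48550, "h05"),
    (5, "invoice_6402.zip", 48015, "h06"),
]
KNOWN_BAD = {"h01"}  # a signature exists only for the first variant


def shape(name, size, bucket=4096):
    """Coarse features assumed to survive per-variant changes: file type and size band."""
    return (name.rsplit(".", 1)[-1].lower(), size // bucket)


def triage(events, known_bad, window=10, min_variants=3):
    """Verdict per message in arrival order: signature hit, outbreak quarantine, or deliver."""
    seen = defaultdict(dict)  # shape -> {hash: minute last seen}
    verdicts = []
    for minute, name, size, digest in events:
        recent = seen[shape(name, size)]
        recent[digest] = minute
        for old in [h for h, t in recent.items() if minute - t > window]:
            del recent[old]  # forget variants outside the time window
        if digest in known_bad:
            verdicts.append((name, "block:signature"))
        elif len(recent) >= min_variants:
            # Many distinct hashes of one shape in a short window: hold first, analyze later.
            verdicts.append((name, "quarantine:outbreak"))
        else:
            verdicts.append((name, "deliver"))
    return verdicts


def count(verdicts, label):
    return sum(1 for _, v in verdicts if v == label)


if __name__ == "__main__":
    for name, verdict in triage(EVENTS, KNOWN_BAD):
        print(f"{name:20} {verdict}")
```

With these constructed events the hash blocklist stops one of the six variants; the window heuristic holds four more, and one variant is delivered before the threshold is reached.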
