Testing times!
I read, with some interest, that Trend have decided to withdraw from the Virus Bulletin 100 (VB-100) anti-virus test; here is the article. I also then had my attention drawn to the fact that Trend had failed the latest VB-100 tests: their performance on VB-100 has been somewhat ‘mixed’ of late. VB-100 tests aim to assess how well security products detect a set of viruses from the WildList, an up-to-date list of malware samples known to be in circulation. It numbers circa 700 viruses. Trend stated that the test had become out-dated and no longer reflects the fast-changing threats that security products need to counter day-to-day.
Now, Trend’s announcement further highlights the widely understood requirement within the security industry for new testing methodologies. We need approaches that better reflect the complex and dynamic nature of the threats that anti-malware products are trying to counter. Notably, the Anti Malware Testing Standards Organisation (AMTSO) has been created to address this.
Whilst we can all debate the relative merits of the current tests, Virus Bulletin themselves did comment that their test is not the only way to test anti-malware products, but that products should be able to detect items known to be in circulation. Furthermore, VB-100 is a measure of product competence and on-going reliability.
So, we all have to live in an ‘imperfect’ world of testing and hope for better days ahead. I am hopeful that the AMTSO initiative will deliver. But I think it is much better to stay the course - rather than decide to wander off.
Would you credit it?
At Symantec we have our Global Intelligence Network. This comprises over 40K sensors, a couple of million decoy email addresses, and then 150 million or so Symantec end-points. It allows us to monitor what is happening on the internet, second-by-second. One facet of this is our monthly ‘State of Spam’ report.
Casting our minds back to June 2007, we reported that nearly 70% of all email sent was spam. This was an alarming, and at the same time interesting, trend. One of the new tricks that helped fuel the increase was the use of so-called PDF spam, where the spammers attached the spam message as a PDF file to help circumvent spam filters. New countermeasures were put in place and PDF spam came and went.
Well, here in June 2008, the amount of spam is an incredible 80% of all emails. What gives?
This is testament to the on-going determination and inventiveness of the spammers. Now, one thing I have noted in my own personal email account is the amount of ‘credit’ related emails that have flowed into my spam folder. They all follow a similar pattern: I have been ‘pre-cleared’ for a loan, or ‘Get out of the red’ instant credit is available to me. The further twist is that you get them in week 2 or 3 of the month, on the basis that this is when we are getting low on cash and waiting for the next pay day. So, the spammers have piggy-backed on the ‘credit crunch’, and hence the continued and unparalleled levels of spam. We see this constant ‘see-sawing’ from them, using either technical or social means to keep pumping out the flood of spam.
Even the ‘credit crunch’ is old news now: we are seeing them switch to spam that focuses on the fuel crisis, with promises of discounted or free petrol, diesel, gas and electricity. For those of you who want to read the full ‘State of Spam’ report for June 2008, follow this link. http://www.symantec.com/business/theme.jsp?themeid=state_of_spam
When Malware becomes Crimeware
Now, without necessarily wanting to start an official book club (there are enough in the world without me getting into the act), I have had the opportunity in the past few weeks to read a couple of security-focused books that I thought you may well be interested in and benefit from. They both focus on the evolution of ‘malware’ into ‘crimeware’. ‘Crimeware – understanding new attacks and defences’ is by Markus Jakobsson and Zulfikar Ramzan (www.informit.com/aw). It is very comprehensive in its scope and helps the expert, and the not so expert, understand and prevent specific crimeware threats. What it does well is to explain how, from a technical standpoint, malware can be and is used for the purposes of crimeware. Zulfikar Ramzan is a colleague of mine here at Symantec and he has also roped in some other members of the team to help with some of the chapters.
‘Zero Day Threat’, by Byron Acohido and Jon Swartz (www.sterlingpublishing.com), provides a further insight into the developing world of crimeware. The authors are journalists with USA Today, and they neatly intertwine a narrative of a real-life ‘bust’ of a crimeware author in Canada with an account of the failures of banks and credit bureaus to keep people safe from crimeware. It provides a good and thought-provoking overview of what is happening and what could potentially happen, without descending into the realms of deep technical analysis.