This phenomenon is related to the total number of threats on the Internet . Many reports point out that , Threat sources develop new threats much faster than security personnel can handle them .
Only in 2015 The second quarter of the year , Spanish security company Panda Security The study found that , Every day the Internet produces 2 ten thousand 3 Thousands of malware samples . Trend technologies thinks that number can reach 100 ten thousand .
Panda Security In a report released by the company, researchers said , Most new types of malware “ It's a variation of the old software ”, This indicates that the threat source front view modifies the existing sample , Bypass anti-virus solutions .
This observation is not surprising . Malware writers are tirelessly looking for new ways to bypass detection , Access sensitive data in creative ways , Profit making . therefore , Threat sources usually add new technologies to their software works , Improve effectiveness and stealth .
Advanced malware protection enterprise Lastline Also fully aware of the efficiency of computer criminals . The task of the company's researchers is to analyze malware behavior , Insight into the future of the malware development industry .
In the past 2015 year ,Lastline Companies find three signs of malware maturity ： code signing 、 Changing browser settings and password guessing attacks .
Mark one ：
Using digital signature technology for code signature , Can help build trust between individuals . therefore , Malware authors often abuse code signatures , Help them develop software to bypass the detection of anti-virus solution providers .
That doesn't mean it's very easy to help illegal software get a valid signature . contrary , There are several obstacles that must be overcome in front of the threat source .
First , They need to convince CA Certification body , Issue a valid certificate for it .CA In this step, you will be asked to verify the identity of the company . This process may reveal the true identity of the source of the threat .
After getting the certificate , The malware author must agree to purchase the certificate , But the premise is , If the software they signed showed malicious behavior , The certificate may be revoked at any time .
Lastline What the company's researchers have found confirms this prediction ： Despite the rise in the number of signatures , But the software that uses signatures is mainly called “ Potentially harmful programs ”（Potentially Unwanted Programs,PUP）. This program is not as harmful as malware , They generally only harass users ; Even in the worst case , It's just a way out for malware .
Get the malicious signature / Percentage of suspicious Software
in addition , The number of signatures received by software that clearly shows malicious behavior is not much . This undoubtedly reflects that the software authors are persuading CA There are challenges for institutions to issue certificates for them .
Lastline It doesn't specify which CA Certificates have been issued to malware . The company said , All well known CA It's all affected .
Logo 2 ： Tamper with browser settings
last year , Another hallmark of malware is tampering with browser settings .
Lastline Studied all the mainstream browsers ：IE 、 Chrome 、 firefox 、 Opera 、 Safari , And found that the number of malicious software to modify the key security options of the browser has increased , meanwhile , These software often also tamper with the registry settings related to browser behavior .
Percentage of malware tampering with browser options
Most malware that tamper with the browser also change proxy settings .
This kind of attack is 2005 Years of , at that time , For the first time, computer criminals in Brazil will PAC Files are used for malicious purposes . The most representative way is to change IE Browser's AutoConfigURL Registry entries .
From Turkey 、 Attackers in places like Russia can now use malicious scripts , success 、 regular 、 Quietly pretending to be HTTPS Connect , Launch a passing attack .
The researchers also found that , Use by attackers ProxyBack Wait for malware , Without the permission of legal users, the infected system will become an agent .
Mark three ： Password guessing
Lastline The last sign found is that malware uses password guessing to attack .
Malware calls authentication process , Guess using common user name and password combinations , Trying to get or raise permissions . Here are some common weak passwords .
Percentage of malware using brute force
It's important to note that , Brute force cracking is nothing new , It's not just for desktop computers . Last summer, ,AppBugs A published study shows that , 53 Mobile applications are vulnerable to password guessing attacks . These vulnerabilities make it possible for iOS And Android platform 6 Hundreds of millions of users are at risk .
However , Thanks to several recent advances , The number of brute force attacks is still growing . such as ： Many software services have been enhanced , Malware is harder to exploit , Therefore, the target is the Internet of things 、 WordPress Such content management systems and other areas . In the design process of Internet of things products, safety factors are seldom considered .
Lastline The company's analysis shows that , Malware authors have greatly improved their work . Sign by code , Threat sources guarantee that software can bypass most anti-virus solutions . If the software also integrates other avoidance capabilities such as latency , The effect will be better .
Malware can also tamper with the proxy settings of the target system , Direct all browser traffic to devices controlled by attackers ; Or crack the password through violence , Increase local permissions .
By understanding these signs , Security personnel will realize that , Today, more than ever, information sharing is needed . Besides , These signs can also help the next generation of security experts understand the development trend of malware .