By Paul Wood

Recent research from the July 2011 Symantec Intelligence Report found that cyber criminals are more aggressive than ever in spreading malware over e-mail, using more sophisticated polymorphic techniques designed to bypass more traditional anti-virus defences.

MessageLabs Intelligence Senior Analyst, Symantec Hosted Services
Paul Wood

Polymorphic malware uses variations of the same code by employing different encoding techniques, making it harder to detect as each new variation may require its own signature in order to identify it correctly.
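The effect on signature matching can be shown with a short Python sketch. This is an added example, not code from the Symantec report: the payload is a constructed, harmless string, and single-byte XOR is an assumed stand-in for the encoding techniques mentioned above. It compares an exact-hash signature with a scan that looks for an invariant marker under every possible key.

```python
import hashlib

# Constructed, harmless stand-in for the code every variant has in common.
PAYLOAD = b"HEADER::CONSTRUCTED-BENIGN-SAMPLE-BODY::do_nothing()"
MARKER = b"CONSTRUCTED-BENIGN-SAMPLE"  # invariant that a content signature keys on


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the assumed 'encoding technique' for this example."""
    return bytes(b ^ key for b in data)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Three constructed variants: same body, different key, key kept in byte 0.
VARIANTS = [bytes([k]) + xor_bytes(PAYLOAD, k) for k in (0x21, 0x5C, 0xA7)]

# A per-file signature list built from the first variant only.
HASH_SIGNATURES = {sha256(VARIANTS[0])}


def hash_match(sample: bytes) -> bool:
    """Exact-hash signature: hits one file, misses every re-encoding of it."""
    return sha256(sample) in HASH_SIGNATURES


def decoded_match(sample: bytes, marker: bytes = MARKER):
    """Look for the marker under each of the 256 possible XOR keys.

    Encoding the short marker is equivalent to decoding the whole sample
    and much cheaper. Returns the key that exposes the marker, or None.
    """
    for key in range(256):
        if xor_bytes(marker, key) in sample:
            return key
    return None


def report():
    """(hash hit, key found by decoded_match) for each constructed variant."""
    return [(hash_match(v), decoded_match(v)) for v in VARIANTS]


if __name__ == "__main__":
    for variant, (by_hash, key) in zip(VARIANTS, report()):
        print(sha256(variant)[:16], "hash hit:", by_hash, "marker key:", key)
```

Only the first variant matches the hash list, while the marker scan finds all three, which is why each re-encoded copy would otherwise need its own signature.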

According to the July 2011 Symantec Intelligence Report, one in 280.9 e-mails globally was identified as malicious. In Canada, this was higher, with one in 255.9 e-mails deemed malicious.

In the U.S., it was lower, with one in 634.8. Since February, the proportion of e-mail-borne malware that is polymorphic and especially aggressive in this new form has more than doubled around the world, from 10.3 percent to 23.7 percent in July.

This new wave of aggressive polymorphic malware is a danger to any Internet user because of its manifold variety, often making it difficult for traditional security defences to detect.

The malware is frequently sent over e-mail disguised as an attached ZIP archive file, PDF file or a seemingly harmless office document. One of the more recent examples of a malware attack using polymorphic techniques is one that’s disguised as correspondence from parcel carriers and courier-based delivery services.

Examples of recent malicious e-mails using sophisticated polymorphic techniques

 

With attackers’ intentions remaining the same – to take over control of users’ computers and collect personal information for financial gain – they have become more aggressive in their techniques, which has resulted in this explosion in dangerous malware variants and strains.

As malware threats continue to evolve, it’s important for businesses and end-users to protect themselves by using solutions such as comprehensive endpoint security and data loss prevention to prevent data breaches and add an extra layer of security. Users should also encrypt sensitive data and implement strong passwords and IT policies around e-mail attachment configurations and the use of removable media.

 

Paul Wood is MessageLabs Intelligence Senior Analyst at Symantec Hosted Services.

  • Yes, polymorphic malware has badly impacted the Internet, and this is done by some specific countries.
    Thanks

    Polycom Toronto

  • It will be interesting to see what Symantec has up their sleeves to counter all of this malware that’s popping up. It’s almost as if the malware is constantly evolving to keep this cat and mouse game going on perpetually.