Security gurus look for better ways to classify malware

Jeremy Kirk   Today’s Top Stories   or  Other Security Stories  

Winning Enterprise Authentication: 5 Key Steps for Success Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management A Simpler Approach to Remote Access Smart Security Choices for Mobile Workers File Integrity Monitoring: Secure Your Virtual and Physical IT Environments Computerworld Technology Briefing: Intelligent Users Use Business Intelligence Virtual Reality SaaS Solutions for Remote Systems Management Sign up to receive Security Resource Alerts

September 19, 2007 (IDG News Service) -- Two senior security veterans at Trend Micro Inc. are trying to get the industry to change the way it classifies malicious software.

They argue that today's classification system, which tends to focus on the technical way software works, neglects a far more important metric that matters more to users: how it tries to steal their money.

"This is my pet bugaboo -- the unclear language," said David Perry, global director for education at Tokyo-based Trend Micro. "I come from 26 years of technical support, and it irks me that we protect people against things and they don't know what we're protecting them against."

Perry and Anthony Arrott will present their paper, "New Approaches to Categorizing Economically-Motivated Digital Threats," on Friday at a security conference in Vienna.

Take the term "virus." The proper definition of virus is a piece of software that replicates or makes copies of itself and attaches itself to other pieces of software.

But for nonsecurity professionals, it's "taken to mean the universal indication that there is something wrong with their computer, no matter what the cause," Perry said. Toss in relatively newer terms such as "Trojan horse," "dialer" and "adware," and the situation becomes a mix of confusing vocabulary.

Perry and Arrott stop short of proposing a new taxonomy. However, they do detail some parameters that should be considered when building a new framework to categorize Web threats.

Although malware categorization systems exist, a new one is necessary because of the focus on economic crime. The "business models" behind the malware are far easier to define than the infinite technical variations that the malware can take, they write.

Malware that can be classified into fewer, overlapping categories would help deflect "the endless efforts to determine the exact definitions of the boundaries between categories," Perry said.

The new groupings would ideally take into account how a threat is installed, its economic purpose and how it exploits a host computer, as well as how it hides itself from detection, the paper said.

Another new metric that could be considered is the persistence of threats, since it may more accurately frame the scope of an ongoing fraud. The antivirus industry has tended to focus on "top 10" lists, which indicate the most frequent recent threats, but not the most successful attacks over time, the paper said.

Trend Micro researched the fraudulent antispyware programs that were most persistent on computers. This research indicated the diversity and depth of fraudulent programs such as Winfixer or the Zlob Trojan horse, which purport to fix security problems but install advertising software instead.

"Rogue antispyware is just one example of economically-motivated threats where chronic persistence is more significant than acute outbreaks," the authors wrote.

Perry is hoping for fruitful discussions on taxonomy, although he said the security industry is notoriously fractured and not exactly known for working well together. "There are no grownups in this industry," he said.

Ultimately, Perry said he believes the proposal is "a bid toward accuracy and to 'deconflict' the issues that face us as an industry."

Reprinted with permission from

IDG.net
Story copyright 2008 International Data Group. All rights reserved.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"So first there is the Twitter phishing attack, and now an 18-year-old hacker gets into their admin tools and does..." Read more... Read more Security posts or See all Blogs

Windows 7 public beta to be available Friday Hack forces Twitter into 'full security review' 10 must-have free BlackBerry apps More top stories...

Ballmer sets loose Windows 7 public beta Fake LinkedIn profiles promise prurient pics, send patsies malware instead Cisco down to business with gear for digital home

The 9 hottest skills for '09 The downturn has softened the IT talent market but done little to weaken demand for SAP, .Net and other technical skills. Fast fixes for common PC problems Every computer user hits a speed bump now and then. Here are some speedy, simple solutions to hardware, software, network, Internet and mobile-device crises. Apple's 5 biggest moments in 2008 From the iPhone 3G to 'unibody' MacBooks, 2008 was a standout year for Apple. Hands-on Linux: New distro versions push the envelope We've got reviews and videos of the new Ubuntu 8.10, Fedora 10 and openSUSE 11.1. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2009 Premier 100 IT Leaders 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Process Automation with Symantec Process Automation with Symantec View this new webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Creating a green data center to help reduce energy costs and gain a competitive advantage Download this new white paper today! (Source: VMware) With today's rapid IT growth, companies are looking to consolidate datacenter operations to achieve space and cost savings. And as energy costs continue to rise, datacenter efficiency becomes even more important. This IBM report details how companies are reducing energy usage and costs to gain a completive advantage. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Extend Your VPN Smart Security Choices for Mobile Workers Leverage Web-based Remote Access to Boost Productivity View more whitepapers

• Windows 7 public beta to be available Friday
• Ballmer sets loose Windows 7 public beta
• Hack forces Twitter into 'full security review'
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Dan Tynan: CES preview: The wireless revolution is finally here Two themes are clearly emerging: gadgets are going wireless in a big way, and everything is finally getting connected. ... [more]