Think Information. Think Security.
Now that the Lulzboat has run aground during its three hour tour, and the rats have gone overboard in search of the relative safety of a pineapple under the sea, the computer media continues with the personal soap operas of "Anonymous" and "AntiSec" with the kids engaged in their infighting, whereas the attention of security people returns once again to the larger, more serious issues that involve the client side of the world.

When we last left our heroes, Microsoft had announced the takedown of a major botnet known as "Rustock." Well... not a complete takedown, of course, but it has dwindled a bit, as eWeek reports. Rustock had a good run before it was wrestled to the ground (almost), given that it first appeared in 2006.

A mere five-year half-life for malware is considered perfectly acceptable these days in the computer security realm.

Even bigger headlines continue over a rootkit and botnet known as the "TDSS family" or "TDL", depending on which antivirus vendor created the signature definition for it. It has been with us for a much shorter time, since April of 2008.

The latest incarnation, gathering press as "TDL4", has publicly caused the security industry to transition into full panic mode and literally throw in the towel, as the solution to this and other malware continues to elude the industry, according to widespread reports, while our attention was distracted by the kiddie wars on the Lulzboat.

Computerworld reported "Massive botnet 'indestructible,' say researchers" on this latest variant, and Infoworld ramped it up yet another notch with their headline "How to live with malware infections", making it quite clear that all is lost, give up, and, to paraphrase Dr. Strangelove, "How I Learned to Stop Worrying and Love the Infection".

Meanwhile, Kaspersky Lab went apoplectic over the interpretation of its own report on the TDL4 analysis and "corrected" the bad press, resulting in Infoworld releasing a story reminiscent of Kevin Bacon as Chip Diller in 1978's Animal House, in the middle of the mayhem, screaming at the top of his lungs, "Remain calm! All is well!" as he is crushed by the fleeing mob.

And just this past week, yet another catastrophe was reported in the computer media over a rootkit called Popureb which, according to Microsoft, requires not only a complete trashing of the system but extreme geekery as well: you have to redo your boot sector first, or any repair will fail.

And of course, once the public relations departments got wind of the story, another correction of the original report was the solution. See? Not much of a problem at all. Nothing to see here.

The Lulz attacks depended entirely on botnets to perform their DDoS, provide their anonymity, and gather their lists of targets to hit their victims. Backdoors, rootkits and bots. All CLIENT-side malware. Without it, they couldn't have succeeded in the first place! "Spear-phishing" attacks also depend on malware slipping past the guards on client desktops, extending the damage far beyond simple social engineering.

Sadly, the antivirus industry has been losing the battle on Windows for a very long time. I know; I was in that business and was there since the very beginning of antivirus. And I tried very hard to get their attention and direct them to solutions that would have worked. They weren't interested. To see this public admission that 1980s technology has utterly failed is nothing short of breathtaking.

And for those on the Linux side of the world nodding their heads and snickering over Redmond's misfortune, I can only offer one word: Android. You can stop snickering now. It's the number two petri dish these days.

In this series, I will set forth the history of antivirus and the industry, because it's important to know how we got from there to here. Then comes a litany of mistakes along the way on the part of the operating system vendors, the end users, the administrators and, most significantly, the marketing and mindsets that shaped our current situation, in the hope that some changes might help mitigate the problem. Finally, I will offer some actual solutions that can make a difference if an entirely different regime is applied in the future.

We didn't get here as the result of some evil plan; it was the result of the same factors that turned those erstwhile nautical script kiddies into a powerful force: complacency, intractability, incompetence and the cover of public relations.

Stay tuned for the next part of this series where I will explain the history of malware and how it's been dealt with for nearly 30 years by the security industry.

Source: Infosec Island