Transient Malware is the New Online Threat

Security software company, AVG Technologies, reports that as many as 300,000 new, unique Websites launch every day, whose sole purpose is to infect visiting computers with malware. Not only has this number jumped up from as many as 200,000 only three months earlier, but many of these sites stay active for only a short period of time--sometimes just a day or two--giving them just enough time to infect enough PCs, but then disappear before they are routed out or blacklisted.

 Credit: AVG Technologies
It is the transient nature of these online threats that AVG claims makes them so dangerous and difficult to track and detect. Many of these "here today, gone tomorrow" sites enlist "drive-by downloads," which can infect users' systems just from the users visiting the site, without actually clicking on anything on the site. "AVG's research indicates that close to 60% of sites launching 'drive-by downloads' are infective for one day or less."

Another type of transient attack comes from "malverts," which are seemingly innocuous advertisements submitted to advertising networks, but which actually harbor malware. By the time the malverts are discovered for what they really are, the malvert developers have already moved on to new malvert submissions.

Malware can serve many nefarious purposes, but the predominant trend is for malware to attempt to steal personal information from your computer, such as "passwords, bank account information, and other valuable personal data." Most, if not all malware, attempts to do this without the user's knowledge or consent.

  Credit: AVG Technologies
AVG posits that most "traditional" security software applications are ill prepared for this sort of threat:

"This transience means that anyone relying on security software that provides protection using traditional virus 'signatures' or by periodically scanning the millions of sites active on the web at any given time is completely unprotected just when they need that protection most: that crucial time when they click a link to a site poisoned with one of these transient infections."

Not coincidentally, AVG claim that its Internet Security applications are not only prepared to deal with this type of threat, but that they offer "the industry's only real-time protection against the new generation of web-borne threats to protect users' personal information against unwanted intrusions from cybercriminals." The applications include a tool called LinkScanner, which analyzes every Web page you visit using Firefox of Internet Explorer, looking for certain types of "behavior" that indicates a threat might be present. LinkScanner also provides real-time safety ratings on search results from Google, Yahoo!, MSN, and Live.

AVG's software might have a unique approach, but the company's claim that its software is the only one available that can protect against transient threats seems like too broad a claim. If it were true, then we'd be hearing about far more security breaches on systems that use competing software. Regardless of the claims, however, AVG's report should be heeded by users, hosting services, and Website admins alike--there are some very real threats out there, and we must pay attention to how they change and grow in sophistication so that we can keep our technologies, practices, and behaviors in step to so as to best try to thwart these threats.
Tags:  Malware, security