Malware getting smarter and tougher?

[v.laurie]

What is the opinion about the outlook for a worsening malware problem given in this article? It begins

Quote:

Hang on everyone, it looks like it’s going to be a wild ride in 2014 on the malware front. Malware source code moved to be “open” in 2013. As a result of this “open source” style —where building blocks and code are readily available to malware writers — both the speed of change and the effectiveness of malware are set to accelerate. Attackers will be able to start with standard code that can then be easily adapted, modified and obfuscated in executables to change the patterns that AV and other malware prevention software looks for, and expand the attacks that a given piece of malware uses. What that means to all of us is that traditional malware prevention methods will continue to become less and less effective.

What do you think of this statement?

Quote:

I think we will also start to see sandbox techniques become less relevant. Today’s sandbox techniques that identify new malware rely on the malware being executed immediately, or at most, after an initial reboot. This is an easy challenge for hackers to overcome and I predict we’ll see a new generation of “wait to invade” malware. This type of malware will be written to fly under the radar, avoiding detection techniques for long periods of time, then trying to maximize damage.

[sicknero]

I don't really understand the second statement ...

Comodo auto-sandboxing kicks in as soon as an executable runs however long it's been sitting on your HDD and will block or isolate it depending on your settings.

I don't understand how "wait to invade" would compromise that? I'm not proposing that CIS is immune, just that I don't follow the idea being presented here.

[Anupam]

Another article with scare tactics with the motive of promoting their own products.

[mr6n8]

Quote:

Originally Posted by Anupam

Another article with scare tactics with the motive of promoting their own products.

Well said. I agree completely.

BTW, the "open source" situation for hackers is not new. There have been such communities for years.

[v.laurie]

Quote:

Originally Posted by Anupam

Another article with scare tactics with the motive of promoting their own products.

Are you saying that there is no substance at all to the idea that malware writers are devising smarter, harder to detect exploits? AV companies certainly have a vested interest in making things sound bad but should everything they say be dismissed out of hand? What do you tell ordinary people who read about threats and ask you about them?

[mr6n8]

Quote:

Originally Posted by v.laurie

Are you saying that there is no substance at all to the idea that malware writers are devising smarter, harder to detect exploits? AV companies certainly have a vested interest in making things sound bad but should everything they say be dismissed out of hand? What do you tell ordinary people who read about threats and ask you about them?

Saying that malware writers are developing new and smarter malware is like saying the sun will rise tomorrow. Yes that is happening.

The gist of this article is to dismiss Sandboxing with the advent of "wait to invade" malware - have you seen this out in the real world?
The article says " I predict we’ll see a new generation of “wait to invade” malware." offering no proof.

As to the other main point of the article on the "new" open source attitude in malware - that is not new at all.

[v.laurie]

Quote:

Originally Posted by mr6n8

Saying that malware writers are developing new and smarter malware is like saying the sun will rise tomorrow. Yes that is happening.

OK, could you clue us in on some of the new developments in malware so we can help the great unwashed public defend themselves?

[mr6n8]

Quote:

Originally Posted by v.laurie

OK, could you clue us in on some of the new developments in malware so we can help the great unwashed public defend themselves?

Excuse me - I am not the one - you are - who put forth that proposition. So where is your proof and your solution?

I am just saying that is what has happened in the past and is likely to happen in the future.

My solution- do not download anything unless you know what it is and do not open suspicious attachments on emails.

[Personal comment edited out]

[Taurus]

Quote:

Originally Posted by Anupam

Another article with scare tactics with the motive of promoting their own products.

Yes sir, same old same old.

[sicknero]

So can anyone here actually understand/explain this concept of "wait to invade"?

"Today’s sandbox techniques that identify new malware rely on the malware being executed immediately, or at most, after an initial reboot. This is an easy challenge for hackers to overcome ..."

This idea that sandboxing only works if malware is executed immediately doens't make sense to me. Perhaps I'm just being a bit slow.

Also, if it's such an easy challenge why hasn't it been overcome already?