The Growing Malware Problem

On Friday. I'm lecturing at Dartmouth College to the TISH workgroup (Trustworthy Information Systems for Healthcare) about the growing malware problem we're all facing.

Have you ever seen a Zombie film?   If so, you know that to stop Zombies you must shoot them in the head - the only problem is that the steady stream of Zombies never seems to end and they keep infecting others.   Just when you've eradicated every Zombie but one, the infection gets transmitted and the problem returns.   You spend your day shooting them but you never seem to make any progress.

A Zombie in computer science is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.

Staring in March of 2011, the rise in malware on the internet has created millions of zombie computers.   Experts estimate that 48% of all computers on the internet are infected.   Malware is transmitted from infected photos (Heidi Klum is the most dangerous celebrity on the internet this year),  infected PDFs, infected Java files,  ActiveX controls that take advantage of Windows/Internet Explorer vulnerabilities and numerous other means.

Here's the problem - the nature of this new malware is that it is hard to detect (often hiding on hard disk boot tracks), it's hard to remove (often requiring complete reinstallation of the operating system), and anti-virus software no longer works against it.

A new virus is released on the internet every 30 seconds.   Modern viruses contain self modifying code.  The "signature" approaches used in anti-virus software to rapidly identify known viruses, does not work with this new generation of malware.

Android attacks have increased 400% in the past year.   Even the Apple App Store is not safe.

Apple OS X is not immune.  Experts estimate that some recent viruses infections are 15% Mac.

If attacks are escalating and our existing tools to prevent them do not work, what must we do?

Alas, we must limit inbound and outbound traffic to corporate networks.

BIDMC will pilot increased restrictions in a few departments to determine if it reduces the amount of malware we detect and eradicate.    I'll report on the details over the next few months.

One of these restrictions will be increased web content filtering.    I predict in a few years, that corporate networks will advance from content filtering to more restrictive "white listing".   Instead of blocking selective content categories, they will allow only those websites reputed to be safe (at that moment anyway).  I think it is likely corporate networks will block personal email, auction sites, and those social networking sites which are vectors for malware.

It's truly tragic that the internet has become such a swamp, especially at a time that we want to encourage the purchase of consumer devices such as tablets and smartphones.

I've said before that security is a cold war.   Unfortunately, starting in March, the malware authors launched an assault on us all.    We'll need to take urgent action to defend ourselves and I'll update you on our pilots to share our successful tactics.