NEWS: Australia Faces Cybergeddon Threat
Kudos to Jason Pearce, M86 Security’s Director of Sales Engineering APAC. He’s come up with new terminology that is actually not that bad. ‘Cybergeddon’ is the first. I like that. But then he goes on to draw a distinction between ‘malware’ and ‘crimeware’:
Viruses and malware have typically been focused on causing damage whereas crimeware is focused on stealing personal identifiable information such as banking credentials that can later be exploited for financial gain.
I’m not sure it’s a distinction that will hold up in the malware industry, but it’s an interesting populist definition that will be easily understood by the public. But back to the point of Pearce’s Cybergeddon warning:
Our Security Labs team ran a test on 30,000 live malware URLs in February 2010. Traditional URL filtering was found to be only 3.8% effective at identifying sites hosting crimeware: approximately 40% of infected sites were shown as safe and 60% as unclassified. The test was replicated with three anti-virus applications but despite being used in combination, these still only successfully detected 39% of the malware. Protection against cyber-crime requires a deep-dive detection methodology to form a complete solution, and that is Real-time Code Analysis technology… Cyber criminals are outsmarting traditional Web gateway protection mechanisms of URL filtering and anti-virus products using methods such as search engine cache content deliver, code obfuscation, dynamic code obfuscation and search engine optimisation.
Jason Pearce, Director of Sales Engineering, M86 Security APAC; speaking at AusCERT 2010 on Tuesday 18th May