Evolutionary Malware: Mobile Malware, Botnets, and Malware Toolkits

Malware Threat Statistics: A Revisit

The Web is perceived to be the biggest carrier transmitting threats to security and productivity in organizations, because websites can harbor not only undesirable content but also malicious code, often penetrating defenses through flaws in the operating system, browser, and accessory software. Estimates for infection sources encountered overwhelmingly named compromised or malicious web sites as the most frequent source at nearly 80% (Sophos, 2013). The dilemma for organizations is that the Web is an indispensable strategic tool for both internal and external interaction, though it is also an open route for cybercriminals to seek possible victims. Unlike the past in which most malicious code writers were motivated by curiosity or bragging rights, today’s IT world is experiencing the transition from traditional forms of viruses and worms to new and more complicated attacks proliferated by active criminals intent on financial gain. This trend is due to the capitalization of the malware industry where most malicious code writers tend to exploit system vulnerabilities to capture such high profile information as passwords, credentials for banking sites, and other personal information for identify theft and financial fraud. More complicated attacks can involve multiple malware approaches, such as a rootkit installed to allow further malware, such as spyware or ransomware, to be deployed much more easily. Once infected, the software continues to fight attempts to detect and purge it, through methods such as morphogenic code that disrupts code patterns used to detect malware, and accelerating development of malicious software, straining the resources of security firms as they press harder to keep up with new threats. Incentives and resource sources such as financial fraud make these combined and combative approaches more common, more dangerous, and more numerous.