Slashdot Mirror


The Rise of Polymorphic Malware

twoheadedboy writes "The level of aggressive, polymorphic malware intercepted by Symantec doubled in July, when compared to figures from six months ago. This kind of malware has been typically found inside an executable within an attached ZIP file disguised as a PDF file, and is pretty darn good at getting around traditional anti-virus products. 'There are powerful Darwinian forces acting on the development of malware by criminals,' said Martin Lee, senior software engineer at Symantec. 'Those who look to innovate and improve their malware tend to infect more computers and acquire the resources to reinvest in further development and innovation.'"

1 of 202 comments

  1. Antivirus makes a better suggestion than solution by sl4shd0rk · · Score: 5, Interesting

    Several reasons why Antivirus is a fail:
        1) 0-day. Your AV will never pick it up
        2) polymorphism - if the virus sig changes, you're hosed
        3) People think: "Since I have AV, I can't get infected"
        4) People think: "AV didn't find anything wrong, so I must be clean"
        5) When AV doesn't work, people assume it's broken

    Antivirus has evolved into a "solution" when it's clearly not capable. How many infected Windows installs have you found where Norton took a head-shot, or some kind of AV *was* installed at one time but got smoked?

    What's needed: OSs need to plug their holes. Browsers could be fixed so it doesn't hand off malicious content to system executables. The OS itself should be trimmed down so not everyone is running SMB/RPC (or other commonly exploited services) by default. Executables which handle web content could be sandboxed and run by a lower privilege user (this can be done in Unix, so why not Windows?). Why do these things not happen?

    AV is great when it works but it's proving not to be enough.

    --
    Join the Slashcott! Feb 10 thru Feb 17!
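The story describes the delivery vector (an executable inside a ZIP attachment, disguised as a PDF) and the comment's point 2 notes that a signature check is defeated as soon as the sample's bytes change. The following is an added example, not code from the Slashdot story, from Symantec, or from the commenter: a structural check on a ZIP attachment that does not depend on the malware's byte pattern at all, only on the mismatch between what a member claims to be (a .pdf) and what its header actually is (a Windows PE image starting with "MZ"), plus the double-extension trick. The ZIP and its member names are constructed sample data; the "executables" are inert placeholder bytes.

```python
import io
import zipfile

# Header bytes of the two formats we distinguish.
PE_MAGIC = b"MZ"        # DOS/PE header of a Windows executable
PDF_MAGIC = b"%PDF-"    # every genuine PDF starts with this

# Extensions Windows will execute when double-clicked (assumed list for the example).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def inspect_zip(zip_bytes):
    """Return [(member_name, reason), ...] for suspicious members of a ZIP attachment.

    The checks are structural rather than signature-based: they never look at
    what the executable's body contains, so re-encoding (polymorphism) does not
    help the attachment pass.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            with zf.open(info) as member:
                head = member.read(8)  # peek at the header only
            parts = lower.rsplit(".", 2)
            # 1. Double extension such as "statement.pdf.exe".
            if len(parts) == 3 and parts[1] == "pdf" and "." + parts[2] in EXEC_EXTS:
                findings.append((name, "double extension: document name ending in executable extension"))
            # 2. Named .pdf but the content is a PE image.
            elif lower.endswith(".pdf") and head.startswith(PE_MAGIC):
                findings.append((name, "extension says PDF but content is a Windows executable"))
            # 3. Any plainly executable member.
            elif lower.endswith(EXEC_EXTS):
                findings.append((name, "executable inside attachment"))
            # 4. Named .pdf but lacking the PDF header (corrupt or disguised).
            elif lower.endswith(".pdf") and not head.startswith(PDF_MAGIC):
                findings.append((name, "extension says PDF but content lacks PDF header"))
    return findings


def build_sample_zip():
    """Constructed sample attachment: one real PDF, one fake PDF that is really
    a PE stub, and one double-extension member. Placeholder bytes, not programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n%placeholder document\n")
        zf.writestr("invoice.pdf", PE_MAGIC + b"\x00" * 62 + b"PLACEHOLDER, NOT A PROGRAM")
        zf.writestr("statement.pdf.exe", PE_MAGIC + b"\x00" * 30)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip(build_sample_zip()):
        print(f"{member}: {reason}")
```

The check runs before the attachment reaches a user, which is where the commenter's points 3 and 4 bite: it flags the disguised member regardless of whether any AV engine has a signature for its contents, and the benign report.pdf passes untouched.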