Malware has Changed, But its Name Hasn't -- and Likely Won't
What's in a name? For one security expert, not enough when the name is "malware."
Thu, February 20, 2014
CSO — In a recent blog post, Seculert CTO Aviv Raff argued that, especially in the security industry, being "stuck using the same old terms to describe completely new things" can be dangerous.
"Failing to grasp an old term's new meaning can pose a significant danger to the stability, success and in some cases, survival of an enterprise," he wrote. "And in my view, there is no clearer example of this than the term 'malware.'"
Raff's premise is that when the term was coined, malware was typically the province of "script kiddies," and while it could be damaging, it was rarely devastating, and could be defeated by good perimeter security.
Today, he said, sophisticated criminals, hacktivists and nation states or their surrogates have replaced the script kiddies. The attacks are no longer broad and indiscriminate, but precise and targeted. And they are not deterred or in many cases even detected by perimeter security, to the point where they can exist on a network for months or even years.
Indeed, just weeks ago, researchers discovered one of the most advanced threats to date, known as Careto, or "the mask," which they said had gone undetected for seven years, and had compromised the data of 380 government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists in 31 countries from the Middle East and Europe to Africa and the Americas.
In short, malware is "completely different and qualitatively more dangerous," Raff wrote.
His security colleagues agree with him about the evolution and danger of malware, but he doesn't have many signing on to re-label it.
"We could call it 'really, really bad stuff,'" said Kevin McAleavey, a malware expert and cofounder of the KNOS Project. "(Humor columnist) Dave Barry would approve."
Lysa Myers, security researcher at ESET, said the term actually reflects the evolution Raff is talking about. "Before, 'bad things' were referred to as viruses and Trojans -- terms that were intention-neutral but described something that was unexpected and unwanted," she said. As those attacks began to reflect financial and/or political motivations, "malware" was coined to define "software that is created with malicious intentions."
Mario de Boer, research director for Security and Risk Management Strategies at Gartner for Technical Professionals, believes the term is "still adequately describing what it is, even though delivery methods, evasion techniques and complexity have evolved."
And Antti Tikkanen, director of security research at F-Secure, said he thinks re-naming malware would just cause confusion. "The bad guys still write malicious code to do bad things on your computer," he said. "They just do it better, with bigger budgets, and for different reasons than before. So you need to understand the attackers -- the tools they use are secondary."