Malware persists on compromised machines: Trend Micro

Eighty percent of computers that have been compromised are still infected after 30 days, and nearly 50 percent remain compromised after 10 months, according to research by Trend Micro.

“When machines are compromised, they're compromised for a long time,” Dave Rand, CTO of Trend Micro, told SCMagazineUS.com.

The malware remains undiscovered because it tends to stay under the radar – it doesn't do anything blatant, such as consuming system resources, that would tip off the victim, he said.
Also, because these infected PCs typically are part of botnets, they get new software revisions frequently, making them even more difficult to detect.

“After the machine is infected, the auto-updates take over, and they are actually more efficient than many AV applications,” Rand said.

In 2009, virtually all malware tracked by Trend Micro was used by cybercriminals to steal information, Rand wrote on the TrendLabs blog. The three most dangerous botnets in terms of information, financial and identity theft are Koobface, Zeus/Zbot and Ilomo/Clampi.

“The most important thing to recognise is that the machines will not fix themselves,” Rand said. “Someone has to look at the activity of these machines, and that should happen at the network level. We need to get better network tools into the hands of the enterprise.”

It is likely that a few hundred criminals have more than 100 million computers under their control, he said. This means that cybercriminals have more computing power at their disposal than the entire world's supercomputers combined.

“The internet is a dangerous place still,” Rand said. “We need to be aware that there is an incredible amount of information leaking out of the enterprise.”

See original article on scmagazineus.com