A third of malware missed by virtual analysis

A lot of malware seems to be going undetected these days.

Virtual insanity. It’s what we’re living in, Jamiroquai sang, and there’s nothing so bad. Except there is something pretty bad, at least when it comes to how effective virtual scanning is at detecting malware. CSO spoke with multiple security experts and found that a third of malware is missed by virtual analysis. Virtual insanity, indeed.

“Overall, there are so many ways malware can uncover it is inside a virtual environment that it is practically impossible to completely obscure from malware that it’s running inside a virtualized environment,” said Gunter Ollmann, vice president of research at malware analysis company Damballa, according to the news source. “The tools that are being developed by the bad guys to ensure that their malware is undetectable and successfully installed inside an environment has always been more advanced than the antivirus technologies.”

To battle against this malware, Ollman said that organizations need to do what they can to prevent hackers and scam artists infiltrating their systems. He said businesses must update their security systems in an effort to keep the bad guys out and keep things up and running. Even if scanning tools missed a lot of malware in virtualized environments, the good news is that software has become more reliable at catching other types of exploits. Still, layered security, application control and other basic steps need to be taken to maximize safety.

PCWorld said smart online behavior is a key way to avoid malware, as hackers and scammers usually prey on those users who leave themselves wide open or fall into their traps. The website said to leave websites if you are unsure of the content, avoid putting anonymous disks or drives into the computer, don’t open just anything that shows up in your email and always avoid random pop-up windows.

“Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free ‘system scan’ of some type,” PCWorld said. “Often these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Close the window via Windows Task Manager (press Ctrl-Alt-Delete).”

How do you look to avoid malware? Do you take more of a reactive or proactive approach to shutting out malware? Let us know, and stay safe out there!

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.