Polymorphic Threats

I have been reading up on recent reports about Polymorphic Threats, and how they are being used to help botnets continue their dominance. Polymorphic malware is malicious code that constantly changes itself to make it undetectable to both signature and behavioral based filters.

While these threats have been around since the 80's, and there were a series of outbreaks in the early 2000s, only lately have they entered the news again. One recent example is the "Storm Worm," of which the company, Commtouch, detected tens of thousands of variants, which is characteristic of polymorphic threats.

This means that the many of the old methods of scanning for malware simply don't work anymore, as they cannot pick up variants. Today, besides standard malware searches, a company's defense must also have something that scans for variants.

Message Partners has exactly such a system, and we have found great success using Commtouch partnered with other, more general AV and AS scanners that, while they might not look as closely, can operate much faster and weed out a majority of the easy-to-find bad stuff. Layered defenses are now a necessity. Read more about us at Message Partners.