Hidden malware a growing problem says IBM's ISS X-Force

Hidden malware - trojans and other nasties that are encrypted or use code obfuscation techniques to hide their real intent - are on the rise, according to a report out today from IBM's ISS X-Force operation.

According to ISS - which bases its research on an analysis of more than 210,000 samples of malware - the volume of malware recorded in the first eights months of this year was more than that seen during the whole of 2006.

Confirming previous quarterly threat reports from Finjan, the pro-active Web security firm, the ISS X-Force peeps report there is now a thriving industry in managed exploit providers.

These criminals, says ISS X-Force, buy exploit code from the underground, encrypting it to prevent others pirating the code before selling it on to spam distributors.

The report says that trojans now account for most of the malware discovered on the Internet this year - accounting for 28 per cent of all malware.

Hidden malware also appears to be on the increase this year. During 2006, 50 per cent of Web sites hosting exploit material hid (obfuscated) their payload. This year, ISS X-Force puts that figure at around 80 per cent.

According to the researchers, the increasing profitability of malware has meant that an increasing number of vulnerabilities are remaining undisclosed as criminals use them to make dosh.

Read the full report here...