Typically, the go-to method is a cloud-based backup and restore service that periodically mirrors what is on a machine's hard drive: documents, photos, chat logs, music and so on. That sounds great, until one considers the likelihood that one or more of those files is infected with malware.
In the US, where more than a quarter of active machines (27.79%) are infected with malware, encountering an infected file is, if not probable, at the very least a realistic scenario for anyone who does anything online. Compromised files are one of the ways malware propagates, but malware also hides in them, unnoticed by the user, while it carries out the orders fed to it by its command and control server.
“Undetected” is the operative word there, according to Malwarebytes. “Most people think secure backup solutions like Carbonite or Mozy can be a cure for a compromised machine after they have trouble,” said Marcin Kleczynski, founder and CEO of Malwarebytes, in a statement. “The fact is, backups should be done when the machine is not infected, since restoring infected data will just re-establish the malware, and render the backup useless. The malware must be removed before backup.”
To that end, Malwarebytes has released its Secure Backup service, which automatically scans files for malware prior to backup, removing the threat of saving or sharing infected files. In addition to protecting files on their PCs, users can also securely back up files on their mobile devices through Malwarebytes Secure Backup for Android and iOS.
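The scan-before-backup idea above can be illustrated with a small pipeline. The following is an added example written for this page, not Malwarebytes code: it walks a source tree, checks each file against a hash list and a set of byte signatures, copies only clean files into the backup set, and writes a manifest of their SHA-256 digests so a later restore can be verified. The indicator names, the marker string and the sample files are all constructed for the demo; a real deployment would plug in an engine's signature set and use the EICAR test file to confirm the pipeline refuses infected input.

```python
import hashlib
import json
import os
import shutil
import tempfile

# Constructed indicators for this demo (not real signatures).
KNOWN_BAD_SHA256 = set()
BYTE_SIGNATURES = {
    "demo-downloader": b"DEMO-MALWARE-MARKER",
}


def sha256_of(path):
    """Hash a file in chunks so large media files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_file(path):
    """Return None if the file looks clean, else the indicator it matched."""
    digest = sha256_of(path)
    if digest in KNOWN_BAD_SHA256:
        return "hash:" + digest
    with open(path, "rb") as f:
        data = f.read()
    for name, sig in BYTE_SIGNATURES.items():
        if sig in data:
            return name
    return None


def backup_tree(src, dst):
    """Scan every file under src; copy clean ones to dst, skip the rest.

    Infected files are never written into the backup set, so a later
    restore cannot re-establish the malware from the backup.
    """
    report = {"backed_up": [], "quarantined": []}
    for root, _dirs, files in os.walk(src):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, src)
            verdict = scan_file(path)
            if verdict is not None:
                report["quarantined"].append({"path": rel, "reason": verdict})
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(path, target)
            report["backed_up"].append({"path": rel, "sha256": sha256_of(path)})
    # Manifest lets a restore verify that what comes back is what was saved.
    with open(os.path.join(dst, "manifest.json"), "w") as f:
        json.dump(report, f, indent=2)
    return report


def demo():
    """Build a constructed source tree and run one scan-then-backup pass."""
    base = tempfile.mkdtemp(prefix="scanbackup_")
    src, dst = os.path.join(base, "home"), os.path.join(base, "backup")
    os.makedirs(os.path.join(src, "docs"))
    os.makedirs(dst)
    with open(os.path.join(src, "docs", "notes.txt"), "wb") as f:
        f.write(b"quarterly notes\n")  # clean file
    with open(os.path.join(src, "invoice.exe"), "wb") as f:
        # Constructed "infected" file carrying the demo marker.
        f.write(b"MZ" + b"\x00" * 16 + b"DEMO-MALWARE-MARKER" + b"\x00" * 16)
    try:
        return backup_tree(src, dst)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report returned by demo() lists one backed-up file (docs/notes.txt, with its digest) and one quarantined file (invoice.exe, matched by the demo marker); the point of the design is that the copy step never runs for a file the scanner has flagged.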
Malware is getting increasingly savvy at hiding from detection. For instance, Seculert recently detected the "Magic" malware, which had remained undetected on targeted machines for 11 months. “This ‘magic malware’ — as we’ve dubbed it [after a line of code the sample contains] — is active, persistent and had remained undetected on the targeted machines for the past 11 months”, wrote Aviv Raff, Seculert’s co-founder and CTO, in the company blog. “Since then the attackers were able to target several thousands of different entities, most of them located in the United Kingdom.”
Meanwhile, in February a new form of the Kelihos botnet was detected, using a “Nap” function in which it employs extended sleep calls to evade automated analysis systems: a sandbox typically observes a sample for only a few minutes, so a sample that sleeps for longer than that shows no behavior during the window and is released as clean.
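The sleep-based evasion just described, and the standard sandbox countermeasure to it, can be modelled in a few dozen lines. The following is an added example for this page, not Kelihos or any vendor's code: napping_sample is a constructed stand-in that sleeps for ten minutes before doing anything observable, and Sandbox runs it against a simulated clock with a fixed analysis window. A naive sandbox lets the sample consume the window and records nothing; a sleep-skipping sandbox returns from the sleep immediately, records the request, and sees the post-nap behavior. The window length, the 300-second "long sleep" threshold and the action names are assumptions made for the demo.

```python
class AnalysisTimeout(Exception):
    """Raised when the sample's virtual clock runs past the analysis window."""


def napping_sample(sleep, log):
    """Constructed stand-in for a sample that naps before acting (not Kelihos code)."""
    sleep(600)                      # ten-minute nap, longer than most analysis windows
    log("connect to C2")            # behavior the sandbox should capture
    log("download second stage")


class Sandbox:
    def __init__(self, window_seconds, skip_sleeps=False):
        self.window = window_seconds
        self.skip_sleeps = skip_sleeps

    def run(self, sample):
        clock = 0.0  # virtual seconds consumed by the sample
        report = {"actions": [], "sleep_calls": [], "timed_out": False}

        def sleep(seconds):
            nonlocal clock
            report["sleep_calls"].append(seconds)
            # Sleep-skipping: the request is logged but costs no analysis time.
            # Naive mode: the sample burns the window and is killed when it expires.
            clock += 0 if self.skip_sleeps else seconds
            if clock > self.window:
                raise AnalysisTimeout()

        try:
            sample(sleep, report["actions"].append)
        except AnalysisTimeout:
            report["timed_out"] = True
        # Even without skipping, the request itself is a usable indicator:
        # a process that asks to sleep for minutes right after start is suspicious.
        report["long_sleep_indicator"] = any(s >= 300 for s in report["sleep_calls"])
        return report


def compare(window_seconds=120):
    """Run the same sample under a naive and a sleep-skipping sandbox."""
    return {
        "naive": Sandbox(window_seconds).run(napping_sample),
        "skipping": Sandbox(window_seconds, skip_sleeps=True).run(napping_sample),
    }


if __name__ == "__main__":
    for mode, rep in compare().items():
        print(mode, rep)
```

Under the naive sandbox the report shows a timeout and an empty action list; under the skipping sandbox the two post-nap actions appear. Two practical caveats: samples can detect sleep skipping by comparing wall-clock time before and after the call, which is why real sandboxes advance the guest's clock consistently rather than simply returning early, and the long-sleep indicator alone is noisy, since plenty of benign installers and updaters also sleep for minutes.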
Evasive techniques are a hallmark of today’s advanced malware. “The whole industry has thought for over twenty years that if your Anti-Virus/Firewall/IDS/IPS/DLP saw no problems then there were none – when in fact it turns out that while these defenses are all good, they are not good enough when it comes to APTs,” Damballa’s Adrian Culley explained to Infosecurity. While only limited details of the Magic malware have yet been released, he pointed to its “custom communication protocol, sidestepping much monitoring of regular communication protocols.”