Security veterans look for better ways to classify malware

Two senior security veterans from Trend Micro are trying to get the industry to change how it classifies malicious software.

They argue that today's classification system, which tends to focus on the technical way the software works, neglects a metric that matters far more to users: how it tries to steal your money.

"This is my pet bug-a-boo -- the unclear language," said David Perry, global director for education at Trend. "I come from 26 years of technical support, and it irks me that we protect people against things and they don't know what we're protecting them against."

Perry and Anthony Arrott will present their paper, "New approaches to categorizing economically motivated digital threats," on Friday at a security conference in Vienna.

Take the term "virus." The proper definition of virus is a piece of software that replicates or makes copies of itself and attaches itself to other pieces of software.

But for nonsecurity professionals, it's "taken to mean the universal indication that there is something wrong with their computer, no matter what the cause," Perry said. Toss in relatively newer terms such as "Trojan horse," "dialer," and "adware" and the situation becomes a mix of confusing vocabulary.

Perry and Arrott stop short of proposing a new taxonomy. However, they do detail some parameters that should be considered when building a new framework to categorize Web threats.

Although malware categorization systems exist, a new one is necessary because of the focus on economic crime. The "business" models behind the malware are far easier to define than the infinite technical variations that the malware can take, they write.

Classifying malware into fewer, overlapping categories would help deflect "the endless efforts to determine the exact definitions of the boundaries between categories," Perry said.

The new groupings would ideally take into account how a threat is installed, its economic purpose, how it exploits a host computer, and how it hides itself from detection, the paper said.
