What are Malware Variants and Why Are They So Dangerous?
Malware variants pose new threats to your data security. Find out how they work and why they’re on the rise.
A variant is an improvement on old malware. It combines something old and something new. Variants are a growing threat to business security.
Take a successful piece of malware like WannaCry, which shut down government agencies and organizations around the world this year. The damage was caused by an old Windows vulnerability that had previously been fixed. However, companies with inadequate security practices were left open to an attack.
When a piece of malware successfully targets a vulnerability, two significant things occur:
- Security experts race to pinpoint what vulnerabilities are being targeted and how they can be patched.
- Hackers around the world take note of the success and start investigating the malware for their own use.
Because malware code is typically available from sources like the Dark Web, hackers can tweak the original version so it will attack different types of data, protect itself more effectively, find new openings to exploit, and more. Each version that’s created and unleashed is a “variant” of the original attack.
Malware can be “patched” the same way as other forms of software: weaknesses are removed and old mistakes are corrected. Hackers update viruses and worms so they can overcome new security and stay a step ahead of white-hat programmers for as long as possible.
Malware doesn’t die when security provides patches to stop it. Variants continue to live on for years into the future, and some of those variants will be even more dangerous than the original attack.
The original creators of a malware attack release variants over time (most malware is a mishmash of techniques formed over years, so “original creator” doesn’t mean much in this context). A malicious type of crowdsourcing quickly emerges where hackers use their own approaches and knowledge to create a variant and sell it as a new and improved version of the older malware. That’s why we see a number of variants in the months following a famous hack: multiple hackers work to improve it and capitalize on the improvements.
Variants Help Old Malware Re-Emerge
Another problem with variants is that they can lie dormant for some time and then spring back to life. This is an unpleasant surprise for security experts. Malware that they haven’t seen in years suddenly comes back, ready to wreak havoc again. This time it’s loaded with the latest tricks and updates. These variants allow for some very old malware to pose a new threat.
An example of this is Locky, an infamous ransomware that attacked in 2016. The attack was put down, and subsequent variants didn’t do much damage. However, in August 2017 security experts noticed a sudden surge in new Locky attacks. The latest software variant was utilizing a new method of infection via clever phishing emails that encouraged the spread of Locky via a suspect download. Locky then got to work locking files and demanding a stupendous $4,000 payment for their release. It’s a good example of what a long-term headache malware can become.
There are a Lot of Variants
Variants aren’t like singular sequels. They are more like an ant queen giving birth to a new colony. Any small change is enough to create a new variant, and with hackers working around the world to enhance their attacks, the stream of variants is more or less unending.
According to AV-Test, there were 143 million new malware samples, and 12 million new variants per month (or 400,000 new variants every day!). Many of these variants are relatively harmless, but some are much more dangerous. Security experts must find out which these are.
Variants are Increasingly Popular
The quantity of variants isn’t slowing down anytime soon. In the past few years, the number of variants has sharply risen, along with Internet access and enterprising hackers:
- 27% of all malware variants were created in 2015 alone, a number that’s likely to be surpassed as new data is revealed.
- Around five new malware variants are discovered every second.
This isn’t a problem that’s going away anytime soon.
Variants Exploit New Vulnerabilities
The worst types of variants are those that develop new tricks to bypass the latest security measures. Remember the Locky ransomware resurgence we mentioned? It was retooled to show up as an “unknown file.” This wasn’t a problem for security filters that operated on a default-deny basis where any unrecognized file is blocked. However, many businesses didn’t have this stringent protection, so it posed a threat, even though they were protected from the older version.
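The difference between the two filtering policies can be shown in a few lines. This is an added example, not code from the original article or from any security product; the byte strings are constructed, inert stand-ins for files, and the function names are hypothetical.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, inert byte strings standing in for files (not real samples).
ORIGINAL = b"constructed-sample: known bad build 1.0"
VARIANT = b"constructed-sample: known bad build 1.1"  # one byte changed
APPROVED = b"constructed-sample: vetted business application"

# Default-allow filter: a list of hashes of samples that were already seen.
DENYLIST = {sha256(ORIGINAL)}
# Default-deny filter: a list of hashes of files the business has approved.
ALLOWLIST = {sha256(APPROVED)}


def default_allow(data: bytes) -> str:
    """Block only files whose hash is already known to be bad."""
    return "block" if sha256(data) in DENYLIST else "allow"


def default_deny(data: bytes) -> str:
    """Block every file that is not explicitly approved."""
    return "allow" if sha256(data) in ALLOWLIST else "block"


def compare(samples: dict) -> dict:
    """Return {name: (default-allow verdict, default-deny verdict)}."""
    return {n: (default_allow(d), default_deny(d)) for n, d in samples.items()}


SAMPLES = {"original": ORIGINAL, "variant": VARIANT, "approved": APPROVED}

if __name__ == "__main__":
    for name, (allow_policy, deny_policy) in compare(SAMPLES).items():
        print(f"{name:9} default-allow={allow_policy:5} default-deny={deny_policy}")
```

The one-byte change gives the variant a new hash, so the default-allow filter treats it as an unknown file and lets it through, while the default-deny filter blocks it because it was never approved.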
You Have to Stay on Top of This
Here’s the bottom line: Malware doesn’t die when security provides patches to stop it. Variants continue to live on for years into the future, and some of those variants will be even more dangerous than the original attack. However, there is good news. Today’s security efforts are more advanced than ever, and even small companies can receive reports about the latest attacks, with options like Microsoft’s Threat Intelligence for O365. It’s time to make use of these new tools! Don’t delay.
Want to learn about the latest variants and how we can prevent them from infecting your IT? We can help. Intivix provides data and security services to companies in the San Francisco Bay Area. Call us at (415) 543-1033 or send us a message at [email protected]. We’ll get right back to you.