Donna’s SecurityFlash is a must-read resource for anyone interested in computer security – especially if, like me, you are preparing for a presentation on computer security next week.
Today, she points to a great article by Peter Tippett called “The Fourth Generation of Malware.” The article is mandatory reading for anyone who still thinks that anti-virus software is all the protection you need and for anyone who wants to gain a greater appreciation of the threat environment for computers today.
Tippett describes four generations of “malware,” while noting the 20th anniversary of the first computer virus:
1. DOS Viruses (1986 – 1995)
2. Macro Viruses (1995 – 2000)
3. Big Impact Worms (1999 – 2005)
4. Malcode for Profit (2004 – to present)
The money quote:

Over the last twenty years, worms have used all types of replication vectors, which of course increase with each advance in technology. Authors have worked diligently to have their worms and Trojans avoid detection and reach more victims with every iteration. For instance during this fourth generation, we’ve witnessed Backdoors, Trojans and root kits that enable the free reuse of the infected computer, and bots that create ‘zombies’ out of a network of computers that allow the malcode perpetrator to orchestrate responses among tens of thousands, or even millions, of victims at a time.
With each generation of malware growing more complex and devastating, it’s become increasingly important for CIOs to know not only who is on their network, but who is accessing their network.
While there isn’t an end-all-be-all solution to wiping malicious code authors off the face of the Earth, having the best security policies and procedures in place will help enterprises avoid a crippling network attack that not only puts information at risk, but impedes productivity and ultimately damages the bottom line.

[Originally posted on DennisKennedy.Blog]