A bit of a self-serving backstory, but it serves as a proxy for what’s happening out there: About a year and a half ago, we released a malware research tool, the Sunbelt CWSandbox. This is a tool which can automatically analyze any file in a safe environment, and give you a comprehensive report as to what the file does. We started by using the tool for our own research, and also licensed it to other companies. In the beginning, practically all of our customers were security researchers.
Then about six months ago, something curious happened: We started getting interest from enterprise and government institutions, and product sales started to climb. I was a bit baffled by what was happening — after all, this is a tool that has primarily been in the field of security research.
It turns out that the reason is simple: Targeted attacks are on the rise.
What’s happening is that organizations receive some type of program or attachment through social engineering. The file is run through a virus scanner, and many times there’s little or no detection (because it might be a custom-crafted trojan). However, if they have a tool like the Sandbox, they can do a quick, automated analysis and find out whether it’s bad or good.
No one (yet) has stats on how big the problem is. However, there’s an overview of part of the problem in this week’s BusinessWeek, and some other commentary from our friends at F-Secure.
I’ll keep updating this blog as I get more interesting information on this subject.
Alex Eckelberry