Pentagon warned of software threats

A US defence department task force early next year plans to warn the Pentagon of a growing threat to national security from adversaries who could insert malicious code in software developed overseas, reports Computer World.

The Defense Science Board (DSB), a military/civilian think tank within the department, will issue a report that calls for a variety of prevention and detection measures but stops short of recommending that all software procured by the military be written in the US, said the head of the task force that has been studying the so-called foreign influence issue.

The possibility that programmers might hide Trojan horses, trapdoors and other malware inside the code they write is hardly a new concern. But the DSB will say in its report that three forces - the greater complexity of systems, their increased connectivity and the globalisation of the software industry - have combined to make the malware threat increasingly acute.

Virtualisation offers itself to a number of use case scenarios and solutions. One such use case that isn't talked about much is the examination of computer forensics. Honeypots are a common way for security professionals to conduct research on the common practices among computer hackers and attackers.

By leveraging a honeypot, researchers and administrators can gain a better understanding of the patterns and behaviours of their attackers. Virtualisation can help with creating this honeypot environment.

The problem with using server virtualisation to create these honeypot environments is that there are numerous ways for an attacker to identify when a system is running within a virtualised environment. Attackers are becoming more aware of people using virtualisation to try and thwart their efforts. As such, they are creating their malware with a self-defensive property to detect if the computer is a virtual machine.

Malware writers are going to become more professional in 2007 and mass virus outbreaks will be a thing of the past, an anti-virus expert predicts.

Dave Marcus, security research manager at anti-virus firm McAfee's Avert research labs said that the industry is seeing evidence of the rise of professional and organised crime in malware creation, "where development teams are creating malicious software, testing it and automating its production and release".

He said 35% of all malware samples ever discovered had been collected in the last two years alone.