Using Business Impact to Categorize Malware
Business analysts constantly analyze multidimensional data, like how many units were sold by product, by time, by geography, etc. Why not have multiple categories for malware? Researchers from Trend Micro are on to something with their proposal to use business impact as one of the dimensions for categorizing malware. Right now most categorization schemes are based on technical aspects of malware structure and function. According to PC World, David Perry and Anthony Arrott have called for this but don't quite go so far as to propose a taxonomy of categories. Still, just getting the idea out there is a good start.
Here is their take on the problem:
Although malware categorization systems exist, a new one is necessary because of the focus on economic crime. The "business" models behind the malware are far easier to define than the infinite technical variations that the malware can take, they write. Malware can then be classified into fewer, overlapping categories, which would help deflect "the endless efforts to determine the exact definitions of the boundaries between categories," Perry said.
The new groupings would ideally take into account how a threat is installed, its economic purpose, how it exploits a host computer as well as how it hides itself from detection, the paper said.
They also want to consider persistence, because some threats, like spyware, linger on even when there isn't a newsworthy burst of activity a la Storm worm.
This is a sound proposal. The current technical categories help AV researchers do what they do; let's build on that to help IT professionals do what they do.



