It was all over the news the last few days. Researchers with BAE Systems determined that Russian malware known as Snake dates back as far as 2006, instead of 2011 as initially reported by the German security company G Data.
Germany-based G Data SecurityLabs released a "Red Paper" last week explaining that Snake (also called Uroburos) is a rootkit, composed of two files, that is able to take control of infected machines, execute arbitrary commands, hide system activities, and, ultimately, steal information and capture network traffic.
This apparently is the Russian equivalent of the U.S.-Israel Stuxnet/Flame malware, and even more adept at hiding itself. Would you believe that -no- antivirus product prevented, detected and/or removed this for 8 (!) years? It's a scandal: what are you paying hard-won budget dollars for every year?
I'm sorry to say it, but antivirus cannot keep up with more than a million malware variants every week. It's time to do a "180": instead of trying to keep the bad guys out, only allow "known-good" code to run. This is known as whitelisting or "Application Control", and it would prevent all those state-sponsored super-nasties from running, let alone run-of-the-mill malware.
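To make the "known-bad" versus "known-good" contrast concrete, here is an added illustration (not code from the original post or from any vendor product): a blocklist checker in the antivirus style next to a default-deny allowlist checker, both keyed on the SHA-256 of the file contents. The sample "executables" are constructed byte strings standing in for real binaries.

```python
import hashlib


def sha256(data: bytes) -> str:
    """Content hash used as the identity of an executable."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for binaries; nothing here is a real sample.
TRUSTED_TOOL = b"MZ\x90\x00 constructed trusted admin tool v1"
KNOWN_MALWARE = b"MZ\x90\x00 constructed malware already in signatures"
NEW_VARIANT = b"MZ\x90\x00 constructed variant nobody has seen yet"
TAMPERED_TOOL = TRUSTED_TOOL + b" patched"   # trusted tool with bytes changed

# Blocklist model ("known-bad"): only hashes of already-analysed malware.
BLOCKLIST = {sha256(KNOWN_MALWARE)}

# Allowlist model ("known-good"): only hashes of binaries an admin approved.
ALLOWLIST = {sha256(TRUSTED_TOOL)}


def blocklist_allows(data: bytes) -> bool:
    """Default-allow: anything not matching a known-bad hash may run."""
    return sha256(data) not in BLOCKLIST


def allowlist_allows(data: bytes) -> bool:
    """Default-deny: only content whose hash was approved may run."""
    return sha256(data) in ALLOWLIST


def compare(samples: dict[str, bytes]) -> dict[str, tuple[bool, bool]]:
    """Return {name: (blocklist verdict, allowlist verdict)} per sample."""
    return {name: (blocklist_allows(d), allowlist_allows(d))
            for name, d in samples.items()}


if __name__ == "__main__":
    verdicts = compare({"trusted": TRUSTED_TOOL, "known_bad": KNOWN_MALWARE,
                        "new_variant": NEW_VARIANT, "tampered": TAMPERED_TOOL})
    for name, (bl, al) in verdicts.items():
        print(f"{name:12} blocklist runs={bl}  allowlist runs={al}")
```

Hashing the contents rather than trusting a file name or path is what makes the allowlist hold up: the never-seen variant and the patched copy of the trusted tool both slip past the blocklist, while the allowlist refuses everything it was not explicitly told to trust.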
Five years from now, everybody will be whitelisting, and scratch their heads asking themselves: "Why didn't we do this 10 years ago?" It's only a matter of time before we find out how it infected the target workstations, and it wouldn't surprise me if social engineering was one of the ways.