There is a long standing expectation among the public, and even among IT people, that one should be able to see malware, or its effects. We expect malware to have symptoms, and perhaps this is the fault of the security industry. We use so much medical terminology in describing a malware infection. We talk about penetration, about payload, about logic bombs. There is a lot of jargon and most of it seems to describe an action.
On top of that we all have a mental image that comes to us courtesy of movies, novels and television. Science fiction viruses and other malware do immediate and dramatic things: They tip over oil tankers, open bank vault doors and bring alien spacecraft right down from the sky! (and how those aliens arrived running an Apple Macintosh I shall never know)
The worst malware, the stuff you hope you are not saddled with today or ever are built for a purpose. That purpose includes never being detected by you, or by your agents, or even by your antivirus software. It is stealthy and silent and to all intents and purposes entirely invisible.
We’ve all heard the term Advanced Persistent Threat. It is the major focus of enterprise level network attack at the time of this writing. To be Persistent, these threats must stay on your system for a long time. That means they don’t bother to announce their presence, to crash your systems or networks or even to slow them down. Those were the symptoms of an earlier era, when malware was written by amateurs.
The most well known APT, Stuxnet, had sabotage as its reason for existence. If Hollywood had filmed this malware event, the affected Iranian plant would have blown sky high, (and Bruce Willis would have barely escaped). In reality, it was slow and methodical, and the systems just appeared to fail. This isn’t so much dramatic, as, professional.
Welcome to the age of Ninja Malware.