Microsoft: Recovery from Malware Becoming Impossible

April 6th, 2006

This seemed shocking at first, like Microsoft is admitting defeat and giving up. But on reflection, that’s the way you deal with a compromised Unix system as well — rebuild it from scratch. I found the observation about motive to be interesting. More crackers are compromising systems as a way to make money and not just for their own amusement or for bragging rights. This will attract a more skilled, motivated and determined group of bad guys. Money is the root of all evil, as usual.

Microsoft Says Recovery from Malware Becoming Impossible

April 4, 2006, By Ryan Naraine, Ziff Davis Media Inc.

LAKE BUENA VISTA, Fla. In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

“When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here. Danseglio, who delivered two separate presentations at the conference — one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits — said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is “just way too hard.”

“We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,” he said. Danseglio said malicious hackers are conducting targeted attacks that are “stealthy and effective” and warned that the for-profit motive is much more serious than even the destructive network worms of the past. “In 2006, the attackers want to pay the rent. They don’t want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.”