Do sandboxes and Automated Dynamic Analysis Systems provide the protection they promise?

04.09.2012

· Have the malware agent created "on-the-fly" by the infector site, and have it contain the equivalent of a license key that restricts its execution to only one computer - matching the IP address, Web browser user-agent information and Facebook user name.

Obviously, the bad guys can be infinitely inventive. The point being that it will always be possible for the attackers to detect whether their malware agent is being analyzed on a computer that wasn't their intended target, and they can make the malware act benignly, thereby evading the automated analysis system.

It's not rocket science, it's not brain surgery; it's common sense being employed by a large number of very crafty individuals. Then, once it's packed into a DIY kit or armoring tool, it's just a commodity evasion technique available to all and sundry.

What does this mean to the folks charged with protecting their corporation from the broad malware threat? It means that there's a breed of mouse that figured out how to get your cheese from that better mouse trap quite some time ago, and they're training their skinny buddies to do likewise. Deploying the current generation of a better mouse trap isn't going to stop the evolving threat - but it will do two things: It will kill off the remaining skinny mice, and it will probably stop more salesmen from knocking on your door and trying to sell you their version of the better mouse trap. Perhaps it's worth it then?

Gunter Ollmann has more than 20 years of experience within the information technology industry and is a known veteran in the security space. Prior to joining Damballa, Gunter held several strategic positions at IBM Internet Security Systems (IBM ISS) with the most recent one being the Chief Security Strategist, director of X-Force as well as the former head of X-Force security assessment services for EMEA while at ISS (which was acquired by IBM in 2006). Gunter has been a contributor to multiple leading international IT and security focused magazines and journals, and has authored, developed and delivered a number of highly technical courses on Web application security.