Malicious code is now used for targeted fraud, and Norman proposes a new type of automated defense.
The threat picture for malicious code has changed. This was partly documented by the latest Itakt survey (the Internet and telecommunications industry's anti-crime measures). In San Francisco, where an international gathering of the IT security industry is now under way under the auspices of RSA Security, the Norwegian virus protection vendor demonstrated an emerging tool that is adapted to the new threat.
Traditionally, viruses, Trojans and worms have been used for vandalism and for recruiting inadequately protected computers into zombie networks. What is new is that malicious code is used by organized criminals for various types of fraud. The goal is not a blind attack against the many, but targeted attacks where there are large economic gains to be had. The Itakt study documents increased fear among IT managers of phishing, social manipulation and ID theft, and less fear of "technical threats" such as spyware, spam, hacking, viruses and security holes.
- We have chosen "Proactive Forensic Toolkit" as the preliminary designation of our new toolbox, because it builds on the expanded edition of our Sandbox technology, the one that is basically directed at investigation, that is, "forensics", says OEM and CTO Arvid Gomez.
The aim is an automated process that is triggered when abnormal behavior is detected on a client in the network, and that ends with infected clients being cleaned and given lasting immunity against the specific threat that caused the abnormal behavior.
The notion of what constitutes "abnormal behavior" is derived by analyzing historical data collected through the Sandbox. When abnormal behavior is identified on a client, the Sandbox is to decode the threat and create an appropriate rule. The toolbox should then make sure this rule is distributed through the network, clean infected computers and block future instances of the same threat.
Information about a new threat may also be entered manually: if you read about a new attack that you think you should act on, information about registry changes, questionable files and more is added in the toolbox's operating console. From there you can initiate a search, with instructions for automatically uninstalling the malicious code in question.
The Toolkit can also be used to automatically search for and uninstall previously unknown malicious code discovered by the Sandbox. In other words, it should be able to automate the network's protection against "zero-day attacks."
Gomez said that Norman intends to have the toolbox market-ready by summer, and that the final name and the schedule will be available shortly. The Toolkit will not only be marketed directly to business customers, but will also be included in products from other companies. Norman's IT security technology is available today in products from companies such as MessageLabs, Microsoft, eEye Digital Security, SonicWALL, and Bauer.