Malware creation breaks all records! 160,000 new samples every day
Posted: 01 Jun 2014
Malware creation has broken all records during this period, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day, according to Panda Security.
Trojans are still the most abundant type of new malware, accounting for 71.85% of new samples created during Q1. Similarly, infections by Trojans were once again the most common type of infection over this period, representing 79.90% of all cases.
Another report that verifies Symantec was right: antivirus is dead. The technology is ill-equipped to protect against 6,666 new malware per hour...
Measuring detection rates using VirusTotal is not a new idea and the firm's results were more or less as might be expected; antivirus software gets better and better at spotting malware as time passes, but the detail reveals some important caveats. When no program on VirusTotal spotted a piece of malware on the first day, it took an average of two days for at least one program to detect it.
Without naming any names, it is clear that some antivirus programs are still better (i.e. faster) at detecting new malware than others, with some examples managing to elude one in ten scanners a full year after their first appearance.
When no program on VirusTotal spotted a piece of malware on the first day, it took an average of two days for at least one program to detect it.
What conclusion can be drawn from this? We don't know how long it was between the time a computer that was protected by (let's say AVG) first saw the bad file in action and the time that it was added to the signature list.
And there are files that are never added to the signature lists. Those files are stopped by heuristics only. Those files will never show as bad via VirusTotal for those companies that opt to handle the files via heuristics. (I think that I read that caveat on VirusTotal's website.)
And then there are the files that AVG deems bad but AVAST claims are not bad. It is a subjective call.
I must be reading the article wrong - because I'm not seeing the value of gathering such data.
VirusTotal (and the like) is a great service, but one should watch the data being mined.
My guess is that most of these 160k files are just variations on a theme. Batches of them do the same thing, but are packaged 1000s of different ways. Let's hope that the servers creating these morphed files don't get to where they can create one unique bad file per computer requesting a download.
My thoughts.
New infection will always be a step ahead of security programs.
To me this is not News.
Thousands of people creating and planting infection; some sponsored by countries.
This is also not News.
Choosing your security programs and keeping them updated several times a day is still the best thing to do for us normal people.
Keeping your other programs updated is also a necessity.
Paying attention to what is done by the users of a computing system is of course important.
Telling us that China is the most infected country in the world. (DAA) No chit.
It's also the most counterfeit country in the world and unable to get proper updates.
Other than telling us that Trojans are the big boy on the block at this time, the article to me is just filling up space on the internet.
A Guy, this is not intended to shoot the messenger.
Thank you for posting it along with all your other security updates and articles.
This is the "army of malware" approach that has been in use by malware producers for some time. Using automated methods, the producer turns out thousands of copies of malware that essentially work the same way but are designed to look different to AV software. Signatures aren't much good in detecting such malware. However many signatures the product may know, there are thousands more as yet unknown.
To combat such malware AV software uses a heuristic approach that does not rely on signatures. But it is very difficult and isn't completely effective either. It also requires considerable computer resources and for this reason many users have it turned off.
In the beginning a computer virus was merely an experiment, a proof of concept. But it was learned early that such viruses could do more: they could be used for malicious purposes and for personal gain. As computers and software grew more sophisticated, malware matched its progress. Today malware has become very sophisticated. Some malware has a form of automatic update that updates itself when the producer releases a new version. Avoiding detection by the user is a very high priority. The goal is to avoid detection by the very best AV software with the latest definitions. Many viruses succeed, until their secrets are learned. But by then it doesn't matter anymore as there are newer versions released.
Malware authors are no longer just the basement hackers they once were. They are well organized, highly motivated, and well funded. Some governments fund the production of malware as a form of terrorism.
At the present time Windows operating systems are the main target. But this is primarily because up until recent times the others didn't have sufficient market share to bother with. But that is changing.
It is war between malware and AV software. Many people believe that malware is winning.
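The signature problem described in the post above, as an added example that is not part of the original thread: an exact-hash signature list matches only the one copy already seen, while a byte n-gram similarity check (a simple stand-in chosen here for a non-signature approach, not any vendor's heuristic engine) still groups copies that share a body. All sample bytes are constructed, inert filler; the names, the 4-gram size and the 0.8 threshold are assumptions of this example.

```python
import hashlib

def filler(seed: bytes, blocks: int) -> bytes:
    """Deterministic filler bytes (constructed sample data, not real malware)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed, inert stand-in for the body that every copy shares (512 bytes).
CORE = filler(b"shared-core", 16)

def make_variant(i: int) -> bytes:
    """Same core, but a different 16-byte wrapper and padding per copy."""
    return filler(b"wrap%d" % i, 1)[:16] + CORE + filler(b"pad%d" % i, 1)[:16]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of byte 4-gram sets: 0.0 disjoint, 1.0 identical."""
    ga, gb = ngrams(a), ngrams(b)
    return len(ga & gb) / len(ga | gb) if ga and gb else 0.0

KNOWN = make_variant(0)          # the one copy that has already been analysed
SIGNATURES = {sha256(KNOWN)}     # exact-hash signature list
THRESHOLD = 0.8                  # assumed cut-off for this demonstration

def signature_hit(sample: bytes) -> bool:
    return sha256(sample) in SIGNATURES

def similarity_hit(sample: bytes) -> bool:
    return similarity(sample, KNOWN) >= THRESHOLD

def report(samples: dict) -> dict:
    """Map each sample name to (signature match, similarity match)."""
    return {name: (signature_hit(s), similarity_hit(s)) for name, s in samples.items()}

SAMPLES = {
    "known": KNOWN,
    "variant-1": make_variant(1),
    "variant-2": make_variant(2),
    "unrelated": filler(b"benign", 17),
}

if __name__ == "__main__":
    for name, (sig, sim) in report(SAMPLES).items():
        print(f"{name:10} signature={sig!s:5} similarity={sim}")
```

The similarity check only works here because the shared body is stored unchanged in every copy; if each copy encrypts or re-encodes that body, the n-grams no longer overlap and this check misses as well.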
There will never be a silver bullet unfortunately. Luckily, Windows is starting to be less of a target and more and more malware is targeting Apple and Android devices. Mostly Android due to the market share and openness of the platform.
The good news is once most of the malware focuses on mobile platforms, Windows will start to be more secure :)
It's messed up good news, but at least there is good news. -use a flip phone.
Just take a look at one's friends and family using cell phones.
Which family member or friend do you think knows anything about security on cell phones or any other portable device? Most I know don't even want to hear about it.
That is why those devices get attacked.
The bad guys know a sucker when they see one.
Just take a look at one's friends and family using cell phones.
Which family member or friend do you think knows anything about security on cell phones or any other portable device? Most I know don't even want to hear about it.
That is why those devices get attacked.
The bad guys know a sucker when they see one.
The only people who sometimes learn are the ones that get their identity stolen. And sometimes not even then.
When no program on VirusTotal spotted a piece of malware on the first day, it took an average of two days for at least one program to detect it.
What conclusion can be drawn from this? We don't know how long it was between the time a computer that was protected by (let's say AVG) first saw the bad file in action and the time that it was added to the signature list.
The conclusion is that the AV will protect the system against known malware only and releasing a definition for new malware will take at least two days. And that's in the "good case"; it does not take into account that malware nowadays routinely kills antivirus protection and/or just exempts itself from the AV scan.
And there are files that are never added to the signature lists. Those files are stopped by heuristics only. Those files will never show as bad via VirusTotal for those companies that opt to handle the files via heuristics. (I think that I read that caveat on VirusTotal's website.)
I don't believe that there's such a caveat; quote from the VirusTotal FAQ:
VirusTotal antivirus solutions sometimes are not exactly the same as the public commercial versions. Very often, antivirus companies parametrize their engines specifically for VirusTotal (stronger heuristics*, cloud interaction, inclusion of beta signatures*, etc.). Therefore, sometimes the antivirus solution in VirusTotal will not behave exactly the same as the equivalent public commercial version of the given product.
*-Emphasis mine
In other words, the public has the watered-down version of the same antivirus that would not detect malware that VirusTotal detects. Heuristic or not...
I do agree that we still need antivirus, but it needs help. This technology is old and not able to keep up with the number of new malware that is released on a daily basis. I find it ironic that an antivirus company releases statistics that show just how impossible it is for their solution to protect against new malware...