Constant Churn Makes Viruses Harder to Catch

Within three days, 80 percent of malicious software disappears from the internet, new research shows.
August 14, 2009

The latest data point in the arms race between security firms and cybercriminals comes from Panda Security of Bilbao, Spain.

On Wednesday, the company announced that the quantity of malicious software seen by its customers has skyrocketed recently, with the firm now processing some 37,000 samples per day. In 2008, Panda saw 22,000 new samples every day, on average.

“Samples”, as explained in a previous post to UnsafeBits, is an amorphous term that generally covers not only malicious software and variants that are different on a binary level, but also the same software that has been compressed–more commonly referred to as “packed”–in slightly different ways.

The dramatic increase in malicious software samples shows the success of cybercriminals’ efforts to hide their programs from detection. As the number of samples increases, antivirus firms have to improve their automated analysis capabilities or hire more analysts.

“They decided to attack the antivirus labs,” says Sean-Paul Correll, a threat researcher with Panda Labs. “It is a DDoS (distributed denial-of-service attack) is what it is. It is going to continue and it’s only going to get worse.”

Security-software firms have improved their ability to analyze threats, both through better automated analysis and through hiring more analysts. In Panda’s case, the company launched its Collective Intelligence analysis system in 2007; the system typically handles about 99 percent of all submissions to the company, Correll says. Collective Intelligence processes a sample in about six minutes.

Yet, antivirus firms also have to deal with the constant churn of threats. Cybercriminals often only have to pack their latest virus or Trojan horse in a slightly different way to escape detection. And if a particular criminal group does not have the technical chops to create new variants, other groups offer services to create obfuscated programs.

Panda documented the churn by noting that 52 percent of samples are only seen in a single 24-hour period. Another 19 percent do not last more than two days. Within three days, 80 percent of all malware disappears from the Internet.

For consumers, that means that updating their software on a daily basis is no longer enough. With more than half of all malicious software appearing and disappearing between updates, consumers are more than likely to miss a threat.

Panda plans to take the update out of the equation, launching a service, hosted in the cloud, that can automatically identify unfamiliar threats. By uploading specific characteristics of any program encountered by the client, its software can then make a judgment on whether a particular file is malicious or not.

“We upload the behavioral traits,” Correll says. “There is so much valuable information in, say, API calls. You can extract so much data about how the program interacts with the operating system. So rather than upload the original file, … by just using the behavioral traits, we can make a judgment using our past knowledge.”
