Skip to Content
Uncategorized

Constant Churn Makes Viruses Harder to Catch

Within three days, 80 of malicious software disappears from the internet, new research shows.
August 14, 2009

The latest data point in the arms race between security firms and cybercriminals comes from Panda Security of Bilbao, Spain.

On Wednesday, the company announced that the quantity of malicious software seen by its customers has skyrocketed recently, with the firm now processing some 37,000 samples per day. In 2008, Panda saw 22,000 new samples every day, on average.

“Samples”, as explained in a previous post to UnsafeBits, is an amorphous term that generally covers not only malicious software and variants that are different on a binary level, but also the same software that has been compressed–more commonly referred to as “packed”–in slightly different ways.

The dramatic increase in malicious software samples shows the success of cybercriminals’ efforts to hide their programs from detection. As the number of samples increases, antivirus firms have to improve their automated analysis capabilities or hire more analysts.

“They decided to attack the antivirus labs,” says Sean-Paul Correll, a threat researcher with Panda Labs. “It is a DDoS (distributed denial-of-service attack) is what it is. It is going to continue and it’s only going to get worse.”

Security-software firms have improved their ability to analyze threats, both through better automated analysis and through hiring more analysts. In Panda’s case, the company launched its Collective Intelligence analysis system in 2007, which typically handles about 99 percent of all submissions to the company, Correll says. Collective Intelligence processes a sample in about six minutes.

Yet, antivirus firms also have to deal with the constant churn of threats. Cybercriminals often only have to pack their latest virus or Trojan horse in a slightly different way to escape detection. And if a particular criminal group does not have the technical chops to create new variants, other groups offer services to create obfuscated programs.

Panda documented the churn by noting that 52 percent of samples are only seen in a single 24-hour period. Another 19 percent do not last more than two days. Within three days, 80 percent of all malware disappears from the Internet.

For consumers, that means that updating their software on a daily basis is no longer enough. With more than half of all malicious software appearing and disappearing between updates, consumers are more than likely to miss a threat.

Panda plans to take the update out of the equation, launching a service, hosted in the cloud, that can automatically identify unfamiliar threats. By uploading specific characteristics of any program encountered by the client, its software can then make a judgment on whether a particular file is malicious or not.

“We upload the behavioral traits,” Correll says. “There is so much valuable information in, say, API calls. You can extract so much data about how the program interacts with the operating system. So rather than upload the original file, … by just using the behavioral traits, we can make a judgment using our past knowledge.”

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.