Constant Churn Makes Viruses Harder to Catch

Within three days, 80 percent of malicious software disappears from the internet, new research shows.
August 14, 2009

The latest data point in the arms race between security firms and cybercriminals comes from Panda Security of Bilbao, Spain.

On Wednesday, the company announced that the quantity of malicious software seen by its customers has skyrocketed recently, with the firm now processing some 37,000 samples per day. In 2008, Panda saw 22,000 new samples every day, on average.

“Samples”, as explained in a previous post to UnsafeBits, is an amorphous term that generally covers not only malicious software and variants that are different on a binary level, but also the same software that has been compressed–more commonly referred to as “packed”–in slightly different ways.

The dramatic increase in malicious software samples shows the success of cybercriminals’ efforts to hide their programs from detection. As the number of samples increases, antivirus firms have to improve their automated analysis capabilities or hire more analysts.

“They decided to attack the antivirus labs,” says Sean-Paul Correll, a threat researcher with Panda Labs. “It is a DDoS (distributed denial-of-service attack) is what it is. It is going to continue and it’s only going to get worse.”

Security-software firms have improved their ability to analyze threats, both through better automated analysis and through hiring more analysts. In Panda’s case, the company launched its Collective Intelligence analysis system in 2007, which typically handles about 99 percent of all submissions to the company, Correll says. Collective Intelligence processes a sample in about six minutes.

Yet, antivirus firms also have to deal with the constant churn of threats. Cybercriminals often only have to pack their latest virus or Trojan horse in a slightly different way to escape detection. And if a particular criminal group does not have the technical chops to create new variants, other groups offer services to create obfuscated programs.

Panda documented the churn by noting that 52 percent of samples are only seen in a single 24-hour period. Another 19 percent do not last more than two days. Within three days, 80 percent of all malware disappears from the Internet.

For consumers, that means that updating their software on a daily basis is no longer enough. With more than half of all malicious software appearing and disappearing between updates, consumers are more than likely to miss a threat.

Panda plans to take the update out of the equation, launching a service, hosted in the cloud, that can automatically identify unfamiliar threats. By uploading specific characteristics of any program encountered by the client, its software can then make a judgment on whether a particular file is malicious or not.

“We upload the behavioral traits,” Correll says. “There is so much valuable information in, say, API calls. You can extract so much data about how the program interacts with the operating system. So rather than upload the original file, … by just using the behavioral traits, we can make a judgment using our past knowledge.”
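The contrast the article draws, between matching a file by its bytes and judging it by behavioral traits such as API calls, can be sketched as follows. This is an added example, not Panda's Collective Intelligence code: the sample bytes, trait sets, the Jaccard similarity measure and the 0.6 threshold are all constructed assumptions chosen for illustration.

```python
import hashlib

# Constructed data. The API names are real Windows API names used only as
# trait labels; which sample "calls" which API is invented for this example.
KNOWN_BAD_TRAITS = frozenset({
    "WriteProcessMemory", "CreateRemoteThread",
    "RegSetValueExW", "InternetOpenUrlW",
})
FIRST_SEEN = b"stub-A|packed-body-0001"
HASH_BLOCKLIST = {hashlib.sha256(FIRST_SEEN).hexdigest()}

SAMPLES = {
    # name: (file bytes, API calls observed when the program runs)
    "first_seen": (FIRST_SEEN, sorted(KNOWN_BAD_TRAITS)),
    # Same program packed differently: new bytes, same behavior plus noise.
    "repacked": (b"stub-B|packed-body-9f3c",
                 sorted(KNOWN_BAD_TRAITS) + ["Sleep"]),
    "benign": (b"editor-build-42",
               ["CreateFileW", "ReadFile", "RegQueryValueExW"]),
}

def hash_verdict(file_bytes):
    """Signature-style check: exact match on the file's SHA-256."""
    return hashlib.sha256(file_bytes).hexdigest() in HASH_BLOCKLIST

def trait_similarity(api_calls, profile=KNOWN_BAD_TRAITS):
    """Jaccard similarity between observed API calls and a known-bad profile."""
    observed = frozenset(api_calls)
    union = observed | profile
    return len(observed & profile) / len(union) if union else 0.0

def trait_verdict(api_calls, threshold=0.6):
    """Flag a sample whose behavior overlaps the profile enough (assumed cutoff)."""
    return trait_similarity(api_calls) >= threshold

def classify_all():
    """Return {sample name: (flagged by hash, flagged by traits)}."""
    return {name: (hash_verdict(data), trait_verdict(calls))
            for name, (data, calls) in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_hash, by_traits) in classify_all().items():
        print(f"{name:10s} hash={by_hash!s:5s} traits={by_traits}")
```

The repacked sample escapes the hash blocklist but is still flagged by its traits, and only the trait set, not the file, has to leave the client.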
