
The Malware Numbers Game: How Many Viruses Are Out There?

How many strains of malware are in circulation right now, for Windows PCs, Android devices, and Macs?

That seems like a straightforward question, but the answer is far from simple. And the number might be a lot lower than you think.

If you check with the leading security companies, you may be tempted to settle on an answer in the millions. After all, that’s how many entries you’ll find in the definition files for popular antivirus programs. At day’s end on April 12, for example, Symantec published the summary shown below, noting that its latest Virus Definitions file contained 17,702,868 distinct signatures.

Oh my. 17.7 million? That certainly sounds like a really big number. But before you get swept away, it’s worth taking a closer look at what it really represents.

Eight days earlier, on April 4, that same Norton/Symantec definition file contained 17,595,922 distinct detections. With 106,946 additional definitions in a mere 8 days, you’d probably conclude that malware is out of control.

Because the Norton brand name is primarily associated with Windows PCs, you’d probably also assume that all of that activity was directed at the Windows platform.

And you’d be wrong in both cases.

Definition files are a good way of assessing the level of activity at a PC security company. They roughly measure the current intensity of the cat-and-mouse game between malware authors and security companies. But counting signatures says nothing about what’s new.

I took a closer look at the Symantec definitions for that week and found a really interesting story.

Symantec, to its credit, publishes detailed information about what’s in each new definition file, including what’s new. On any given day, it displays the total number of new and revised detections, followed by their details, like this:

In the 8 days between April 5 and April 12, only 12 new detections were added to Symantec’s official definition file, with 6 of them added on a single day, April 10. Here’s a breakdown:

Three were generic detections for rogue packages (Packed.Generic.360 through .362). These aren’t really new strains of malware, just new forms of packaging. The associated writeup calls each one a “heuristic detection for files that may have been obfuscated or encrypted in order to conceal themselves from antivirus software.”

Four are generic detections for existing fake antivirus packages (Trojan.FakeAV!gen90 and gen91, SmartAVFraud!gen2, and SecShieldFraud!gen5). These are also heuristic detections, written to identify rogue anti-malware programs by their actions rather than by their ever-shifting content.

Two were aimed at Android-powered devices: Android.Tigerbot and Android.Gonfu.D are both backdoors found in rogue Android apps.

One new entry is simply called Adware.SafeTerra, with no associated description.

One new entry is for something called Trojan.Darkshell, which has only a vague description (“may perform distributed denial of service attacks”).

One is the notorious Flashback, for Macs, formally known as OSX.Flashback.K.

The total number of named entries listed in the summary of those definition files during that period was 303: 12 new and 291 revised. So where does the 100,000+ number come from? It appears to be a tally of individual pieces of identifying data (signatures) associated with those named entries. Counting every signature is an easy way to get to an impressively large number, but it isn’t an accurate way to assess the current threat landscape.

That list includes a lot more than rogue software, too. Categories include Adware, Hack Tool (many of which are legitimate), Joke, Misleading Application, Potentially Unwanted App, and Security Assessment Tool. When I removed those categories, I ended up with only 213 named entries in the Trojan, Worm, and Virus categories.

I was surprised to find that many of the definitions on this list are for really old pieces of code. During this one-week period in April 2012, Symantec

The SubSeven Trojan, which was a big threat in the late 1990s but was effectively shut down in 2003

W32.Chir.B@mm, a mass-mailing worm from 2002 that targets Internet Explorer versions 4 through 5.5

Spybot, a family of worms that spread using the Kazaa file-sharing network and a collection of Windows 2000/XP flaws that were patched in 2003

Netsky, a 2004-vintage mass-mailing worm

Mydoom, another mass-mailing worm that spawned one of the first botnets; it was programmed to do most of its damage in February 2004 and fizzled out within a couple of years

In addition, these April 2012 definition files include multiple revised detections for Waledac and Rustock, the Trojans responsible for two prolific spam botnets that were decisively shut down in February 2010 and March 2011, respectively.

For each named entry, Symantec includes the date when that entry was first added to its definitions list. Out of the total of 213 new named entries on the list, more than 85% were from 2010 or earlier. Only 31 entries were detected in 2011 or 2012. And one-third of those were from non-Windows platforms.

Two of the new samples were for OS X: the original OSX.Flashback, from last fall, and the newer OSX.Flashback.K, which wreaked havoc on Mac owners over the past month.

Most interestingly, 8 entries on the list (more than 25%) were for Android-related malware. Given the size of the Android installed base and the lack of any central control over Android app markets, that shouldn’t be surprising. On its Latest Threats and Risks list, Symantec includes writeups for more than 80 Android-related programs, many classified as Trojans or Spyware. That’s 11% of the total of 720 items on the list.

To make sure those figures were representative, I looked at the Symantec definitions database for the entire month of March. In all, 66 new named entries were added to the list, or about two per day. Of that total, 36 represented new, named Trojans, viruses, and worms. Five of them were aimed at Android devices, one targeted OS X (no, it wasn’t a Flashback variant), and there was one new entry each for Symbian OS, Linux, and an Adobe Flash Player exploit.

In its 2011 Security Intelligence Report, released earlier this year, Microsoft security researchers noted the problem with trying to measure the threat landscape by counting unique malware samples:

Ever since criminal malware developers began using client and server polymorphism (the ability for malware to dynamically create different forms of itself to thwart antimalware programs), it has become increasingly difficult to answer the question “How many threat variants are there?” Polymorphism means that there can be as many threat variants as infected computers can produce; that is, the number is only limited by malware’s ability to generate new variations of itself.

If you look carefully at the Windows malware landscape over the last 10 years, it’s clear that a relatively small number of families are responsible for nearly all the damage we’ve seen. I’ll look more closely at those families, and the evolution of Windows malware, in a follow-up to this post.
