Most malware dies within 24 hours

More than half of security threats last just one day before becoming inactive, according to new research.

Of the 37,000 new samples of viruses, worms and trojans that anti-virus firm Panda Security receives daily, 52 percent spread for just 24 hours. Nineteen percent last for two days, and nine percent persist for three days.

Cybercriminals quickly create new variants of threats because they know their samples will eventually be blocked by anti-virus companies, Sean-Paul Correll, threat researcher at PandaLabs, said in an email Wednesday.

“It highlights the growing financial motivation behind today's cybercriminal activity,” he said. “To better serve their bottom lines, they generate hundreds of unique samples carrying the same underlying payload to delay the overall detection as long as possible, and in the process, extend the longevity of their moneymaking schemes.”

Correll said this is an alarming trend because AV companies are struggling to process the huge number of malicious samples they receive.

Peter Firstbrook, research director at Gartner, said on Thursday that the AV defenses most people have today depend on the AV vendor finding the malware sample, creating a signature for it and distributing it -- a process that takes 24 to 48 hours after the virus has been identified. When an attacker moves on to a new variant, that signature becomes essentially useless.

“The database of signatures is growing rapidly, but effectiveness is declining,” Firstbrook said.

At the end of 2008, Panda Security had identified a total of 18 million malware samples encompassing threats over the past 20 years. By August, the number of samples jumped to 30 million.

Cybercriminals are able to create so many pieces of malware because they have found ways to make their operations more efficient and professional, Correll said. For example, some have created websites where they can easily manage their infected networks.

“Think Gmail, but instead of a list of emails, you have a list of infected machines,” Correll said. “And instead of forward or reply functions, you have methods to do anything you please with the infected computers.”

Firstbrook said that in addition to the fact that cybercriminals are rapidly cycling through malware variants, there are more people involved in cybercrime now because of the down economy and layoffs.

While AV companies are quickly working to create signatures for malware variants, businesses should be most worried about targeted attacks that security firms may not even be aware of.

“Anything in the news isn't a worry at all, it's the stuff that isn't in the news,” Firstbrook said.
