Study: Malware persists on compromised machines

Eighty percent of computers that have been compromised are still infected after 30 days, and nearly 50 percent remain compromised after 10 months, according to an analysis released Wednesday by Trend Micro.

“When machines are compromised, they're compromised for a long time,” Dave Rand, CTO of Trend Micro, told SCMagazineUS.com Wednesday.

The machines remain undiscovered because they tend to stay under the radar – they don't do anything blatant, such as consuming system resources, that would tip off the victim, he said.

Also, because these infected PCs typically are part of botnets, they get new software revisions frequently, making them even more difficult to detect.

“One of the joys of having a botted machine is that they are updated regularly,” Rand said. “After the machine is infected, the auto-updates take over, and they are actually more efficient than many AV applications.”

In 2009, virtually all malware tracked by Trend Micro was used by cybercriminals to steal information, Rand wrote on the TrendLabs blog. The three most dangerous botnets in terms of information, financial and identity theft are Koobface, Zeus/Zbot and Ilomo/Clampi.

“The most important thing to recognize is that the machines will not fix themselves,” Rand said. “Someone has to look at the activity of these machines, and that should happen at the network level. We need to get better network tools into the hands of the enterprise.”

Likely a few hundred criminals have more than 100 million computers under their control, he said. This means that cybercriminals have more computing power at their disposal than all of the world's supercomputers combined.

“The internet is a dangerous place still,” Rand said. “We need to be aware that there is an incredible amount of information leaking out of the enterprise.”
