Threat Management, Incident Response, Malware, Network Security, TDR, Vulnerability Management

Most malware dies within 24 hours

More than half of security threats last just one day before becoming inactive, according to new research.

Of the 37,000 new samples of viruses, worms and trojans that anti-virus firm Panda Security receives daily, 52 percent spread for just 24 hours. Nineteen percent last for two days, and nine percent persist for three days.

Cybercriminals quickly create new variants of threats because they know their samples will eventually be blocked by anti-virus companies, Sean-Paul Correll, threat researcher at PandaLabs, told SCMagazineUS.com in an email Wednesday.

“It highlights the growing financial motivation behind today's cybercriminal activity,” he said. “To better serve their bottom lines, they generate hundreds of unique samples carrying the same underlying payload to delay the overall detection as long as possible, and in the process, extend the longevity of their moneymaking schemes.”

Correll said this is an alarming trend because AV companies are struggling to process the huge number of malicious samples they receive.

Peter Firstbrook, research director at Gartner, told SCMagazineUS.com on Thursday that the AV defenses that most people have today are dependent upon the AV vendor finding the malware sample, creating a signature for it and distributing it -- a process that takes 24 to 48 hours after the virus has been identified. When an attacker moves on to a new variant, that signature becomes essentially useless.

“The database of signatures is growing rapidly, but effectiveness is declining,” Firstbrook said.

At the end of 2008, Panda Security had identified a total of 18 million malware samples encompassing threats over the past 20 years. By August, the number of samples jumped to 30 million.

Cybercriminals are able to create so many pieces of malware because they have found ways to make their operations more efficient and professional, Correll said. For example, some have created websites where they can easily manage their infected networks.

“Think Gmail, but instead of a list of emails, you have a list of infected machines," Correll said. "And instead of forward or reply functions, you have methods to do anything you please with the infected computers."

Firstbrook said that in addition to the fact that cybercriminals are rapidly cycling through malware variants, there are more people involved in cybercrime now because of the down economy and layoffs.

While AV companies are quickly working to create signatures for malware variants, businesses should be most worried about targeted attacks that security firms may not even be aware of.

“Anything in the news isn't a worry at all, it's the stuff that isn't in the news,” Firstbrook said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.