Credit: Cam Evans
Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year.
That averages out to around 230,000 new malware samples a day, said Luis Corrons, technical director of Panda's PandaLabs unit. In all, last year's samples amount to 27 percent of all malware ever created.
Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.
According to Corrons, one reason that the number of malware variants is proliferating is, ironically, that antivirus software is getting better at detecting and blocking them.
"At the end of the day, it's our fault, in some ways," he said.
Say, for example, a hacker sends out 1,000 instances of a piece of malware. Once one gets caught, the rest will as well because the signature will get identified.
But if the hacker sends out 1,000 variations on that same malware, the likelihood is higher that more of them will get through.
These days, Corrons added, the attackers have automated software that will slightly modify malware just enough to make it look different to defending systems.
"When you get an infected website, every different user gets a slightly different version of the same Trojan," he said.
Back when he started out, 17 years ago, he said, they saw 100 new variants per day.
"And we thought it was crazy," he said. "All the processes we had in the lab were pretty much manual -- so it was crazy."
But the defenders are getting better as well, he added.
For example, if PandaLabs sees a file that it's never seen before, that's an indicator right there to place the file under additional scrutiny. That's due to the rapid spread of cloud technology, he said.
"If we see a new file that we have never seen, we know that the file has not yet been seen anywhere else in the world," he said.
In addition, antivirus vendors are getting smarter about sharing malware samples.
Panda has servers up that it uses to share malware samples with its competitors, and it has the ability to query their servers as well -- not just for all the new malware samples, but specifically for the ones that Panda itself hasn't seen yet.
If Panda were to stop sharing malware with, say, Symantec, then Symantec would stop sharing back -- and customers would get mad, Corrons said.