Over the last six months, the technical creativity of malware has fallen, but the quantity has skyrocketed, according to Kaspersky Lab.
Over the last six months, the technical creativity of malware has fallen along with the ability to cause massive damage, such as that created by the MyDoom and Sasser worms of years past, wrote Alexander Gostev, senior virus analyst for Kaspersky Lab, in a recent report.
Gostev's lab intermittently sees highly technical malware, but most is "the same unending stream of Trojans, viruses and worms," he wrote. In many cases, hackers simply take existing malware and create variants by tweaking the older code to evade antivirus software.
At times, the process is simple trial and error. Malware writers use online scanners such as VirusTotal, which check whether their new code will be detected by antivirus software, said Mikko Hypponen, chief research officer for security vendor F-Secure.
If the code is detectable, they can make a slight modification and run it through the scanner again.
"I'd like to tell you that we're winning this war," Hypponen said. "But frankly, I'm not so sure. We need new kinds of solutions."
Because much of the code is not new, it tends to remain effective for shorter periods of time before antivirus companies detect it. Still, the time it takes to identify and create a signature for a new virus, which can range from a few minutes to a few hours, is often long enough for hackers to infect computers.
"Antivirus companies are working at the limits of their capabilities in terms of speed," Gostev wrote.