Quantity of malware booms
Virus experts from AV-Test have examined the quantity of malware they have collected over the last few years. The shocking result – the count is rising rapidly. Last year they found more than five times as much new malware – almost five and a half million – as in 2006.
According to AV-Test's Andreas Marx, they counted the number of files with different 'fingerprints' (MD5 hashes). This includes malware which is packed using a different run-time packer or is differently encrypted. Since 2004 the level of growth has gone through the roof:
| 2008 | 117480 (first 7 days only) |
The figures clearly demonstrate that the signature-based approach of current anti-virus software is no longer appropriate. In light of such figures, Eugene Kaspersky predicted at last year's CeBIT that anti-virus software vendors could lose the fight against virus producers. Anti-virus software vendors try to detect multiple malware variants using a single signature by means of generic detection, but the generation of such generic signatures is carried out by programmers, takes time and is prone to error – in the last few days, avast and Gdata have had to contend with a false alarm for an essential system file caused by just such a signature.
One approach to a solution is 'behavioural blockers', which monitor the software running on a system and analyse and assess its behaviour. If sufficient examples of suspect behaviour – such as setting newly created files to autorun, keystroke recording or creation of connections to IRC servers – are observed, the analysed behaviour may exceed a set threshold, triggering a behavioural blocker alarm, which can terminate the potentially dangerous program and roll back any changes made.
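The threshold logic described above can be sketched as follows. This is an added example, not code from the article or from any anti-virus product; the event names, weights, threshold and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# The behaviours are the article's; weights and threshold are assumed values.
WEIGHTS = {"autorun_new_file": 40, "keystroke_hook": 40, "irc_connect": 30}
THRESHOLD = 70
# Constructed event stream: (pid, kind, target)
EVENTS = [
    (100, "file_create", r"C:\App\app.exe"),
    (100, "autorun_set", r"C:\App\app.exe"),       # installer: 40, below threshold
    (300, "irc_connect", "irc.example.net:6667"),  # chat client: 30
    (200, "file_create", r"C:\Temp\upd.exe"),
    (200, "autorun_set", r"C:\Temp\upd.exe"),
    (200, "keystroke_hook", None),                 # 40 + 40 = 80, alarm
    (200, "irc_connect", "irc.example.net:6667"),  # process already terminated
]

class BehaviourBlocker:
    def __init__(self):
        self.created = defaultdict(set)   # pid -> files this process created
        self.seen = defaultdict(set)      # pid -> suspect behaviours observed
        self.journal = defaultdict(list)  # pid -> changes to undo on alarm
        self.terminated = set()

    def score(self, pid):
        return sum(WEIGHTS[b] for b in self.seen[pid])  # each behaviour counts once

    def observe(self, pid, kind, target=None):
        if pid in self.terminated:
            return "ignored"
        if kind == "file_create":
            self.created[pid].add(target)
            self.journal[pid].append(("delete_file", target))
        elif kind == "autorun_set":
            self.journal[pid].append(("remove_autorun", target))
            if target in self.created[pid]:  # suspect only for its own new file
                self.seen[pid].add("autorun_new_file")
        elif kind in WEIGHTS:
            self.seen[pid].add(kind)
        if self.score(pid) >= THRESHOLD:
            self.terminated.add(pid)
            return "alarm"
        return "ok"

    def rollback_plan(self, pid):
        return list(reversed(self.journal[pid]))  # undo newest change first

def run(events=EVENTS):
    blocker = BehaviourBlocker()
    return blocker, [blocker.observe(*e) for e in events]
```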
In the latest c't anti-virus software test, only a few anti-virus solutions included a behavioural blocker. Many vendors are currently working on such extensions to their anti-virus solutions.
- Gdata and avast issue a false alarm in user32.dll, report by heise Security
- Kasperskys worry about malware and hit out at Microsoft, report by heise Security
- Antivirus protection worse than a year ago, report by heise Security