Research: 80% of Carberp infected computers had antivirus software installed

Summary:Just how useful is antivirus software in general? According to a recently published study by security researcher Jim McKenney, based on his analysis 80% of Carberp infected computers had antivirus software installed.

 

Carberp_botnet_antivirus_disabled_cripled

Just how useful is antivirus software in general? According to a recently published study by security researcher Jim McKenney, based on his analysis 80% of Carberp infected computers had antivirus software installed, which was either disabled, or cripped by the Carberp malware leaving antivirus users with a 'false feeling of security'.

The forensic investigation included 603 computers located in Kansas, Missouri, Oklahoma and Nebraska. What he found was pretty interesting. The majority of users relying on Symantec's Norton 360 antivirus had their protection either crippled or completely disabled. The same happened to AVG, Microsoft's Security Essentials, McAfee, Avast, ESET, Sophos, Avira, Kaspersky and BitDefender users.

Are the findings of this study a trend or a fad? Sadly, the cybercriminals' ability to bypass antivirus protection is an emerging trend within the cybercrime ecosystem, rendering popular antivirus solutions completely useless.

This isn't the first study confirming that sophisticated crimeware releases completely bypass antivirus solutions, by either disabling them, or by ensuring that their malicious releases would remain undetected even if executed on a host running an antivirus solution.

In 2009, Trusteer published an advisory that measured the in-the-wild effectiveness of antivirus solutions against the most popular crimeware, the ZeuS crimeware. Their advisory concluded that "The effectiveness of an up to date anti virus against Zeus is thus not 100%, not 90%, not even 50% - it’s just 23%."and indicated that 55% of users infected with the ZeuS crimeware were running an up-to-date antivirus solution.

Prevention is always better than the cure. Ensure that you're always running and up-to-date third-party software and browser plugins as on the majority of occasions cybercriminals will attempt to exploit outdated and already patched vulnerabilities, next to coming up with creative ways to socially engineer you to execute a malicious executable.

Find out more about Dancho Danchev at his LinkedIn profile.

Topics: Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.