
Major antivirus engines failing to detect malware

Vivian Yeo ZDNet Asia | July 15, 2009 5:48 AM PDT

Summary

A dramatic rise in the number of e-mail viruses that slipped past major antivirus engines between late May and June was due to "aggressive" new variants of a number of Trojans, according to a new study.
Antivirus vendors are having trouble keeping up with e-mail viruses, according to a new security report.

Released Tuesday, the Commtouch Q2 2009 Internet Threats Trend Report noted a spike in the number of e-mail viruses that slipped past major antivirus engines between late May and June. The security vendor based its findings on the analysis of over 2 billion e-mail messages and Internet transactions daily in its cloud-based global detection centers.

The dramatic rise, said the Israel-headquartered security vendor, was due to "aggressive" new variants of a number of Trojans. Several outbreaks had a wide distribution, which caused malware numbers to increase exponentially from typically low quantities circulated via e-mail.

With every new malware variant there is a window between its first appearance and the point at which antivirus companies have recognized it and shipped a dedicated signature to protect their customers, Commtouch explained. That per-variant approach proved too slow against the massive growth, so security vendors turned to generic signatures intended to block every variant of the same malware family; those generic signatures, it added, have not been effective against the recent variants.
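The two signature tiers and the detection window the paragraph describes, as an added illustration that is not Commtouch's engine or code: a toy scanner with exact-hash (dedicated) signatures and a family-wide byte pattern (generic), run over constructed sample bytes. The sample names, the stub layout and the `example.invalid` URLs are all constructed placeholders, not real malware.

```python
import hashlib
import re

# Constructed stand-ins for one malware family: a shared loader stub followed by
# a per-sample payload reference. These are not real malware bytes.
ORIGINAL = b"MZ\x90\x00LOADER_STUB_v1\x00DROP:http://example.invalid/a.exe\x00"
REPACKED = b"MZ\x90\x00LOADER_STUB_v2\x00DROP:http://example.invalid/b.exe\x00"
MUTATED = b"MZ\x90\x00L0ADER-STUB-v9\x00FETCH:http://example.invalid/c.exe\x00"


class SignatureEngine:
    """Two-tier scanner: exact-hash (dedicated) signatures first, then
    family-wide byte patterns (generic), comparable to YARA-style strings."""

    def __init__(self):
        self.dedicated = set()   # SHA-256 hex digests of analysed samples
        self.generic = []        # compiled byte-pattern signatures

    def add_dedicated(self, sample: bytes) -> None:
        self.dedicated.add(hashlib.sha256(sample).hexdigest())

    def add_generic(self, pattern: bytes) -> None:
        self.generic.append(re.compile(pattern, re.DOTALL))

    def classify(self, sample: bytes) -> str:
        """Return the tier that matched the sample, or 'undetected'."""
        if hashlib.sha256(sample).hexdigest() in self.dedicated:
            return "dedicated"
        if any(p.search(sample) for p in self.generic):
            return "generic"
        return "undetected"


def simulate_outbreak() -> list:
    """Walk through the cycle the report describes and return each verdict."""
    engine = SignatureEngine()
    engine.add_dedicated(ORIGINAL)                       # written after analysing sample 1
    engine.add_generic(rb"LOADER_STUB_v\d\x00DROP:")     # pattern meant to cover the family
    verdicts = [
        ("original", engine.classify(ORIGINAL)),         # caught by the dedicated hash
        ("repacked", engine.classify(REPACKED)),         # new hash, but the generic pattern holds
        ("mutated", engine.classify(MUTATED)),           # immune to both: this is the window
    ]
    engine.add_dedicated(MUTATED)                        # window closes once the variant is analysed
    verdicts.append(("mutated_after_update", engine.classify(MUTATED)))
    return verdicts
```

The third verdict is the gap the report measures: a variant that changes the bytes the generic pattern relies on stays undetected until someone analyses it and issues a new signature.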

"For the last year-and-a-half, antivirus engines effectively blocked many virus variants with generic signatures," Amir Lev, chief technology officer of Commtouch, said in a company statement. "In the second quarter, however, malware distributors introduced large quantities of new variants which are immune to these generic signatures, therefore causing sharp increases in undetected malware samples that were blocked by Commtouch."

Among the top malware cited by Commtouch as going undetected by major antivirus software were Mal/WaledPak-A and Troj/Agent-KBE.

The report also noted a sharp rise in the number of newly activated zombie PCs or bots during the same period. For the second quarter, an average of 376,000 new bots were activated each day for malicious use.

Between April and June, Brazil had the biggest share of zombie machines, accounting for 17.5 percent of global bot activity, said Commtouch.

Mac malware is also on the rise, according to the company. Last month, security researchers warned of two new attacks targeting OS X users.

Citing security software company ParetoLogic, Commtouch said in its report that there was an increasing number of Mac Trojans in the wild, as malware writers expand their attack surface by including as many platforms and browsers as they can. This trend is expected to continue for the rest of the year, it added.

This article was originally posted on ZDNet Asia.

Talkback (most recent of 21)

  • What an impossible job
    I don't see any company stopping it all
    I'm not saying they should call it a day but anti-virus is mostly useless against the kind of attacks I've seen lately. It only gives the casual user a false sense of security. Tighten up the OS and use a great scanner. Wham! They still get nailed by social engineering attacks.
    zmud
    15th Jul 2009
  • Not impossible at all
    I remember at the start of the web era... 1995-96-ish where if there was a video in a web page, it launched in a separate player. Same deal for a document.

    Now, everything is embedded in the browser itself, and it's a self-created security nightmare.

    JavaScript... same deal. It has a place, but more often than not it's about enabling an ad of some kind.

    Most of what constitutes a modern web page is all about enabling advertising, and the complexity that makes that possible is the biggest security problem on a PC today.
    croberts
    15th Jul 2009
  • RE: Major antivirus engines failing to detect malware
    AV is not enough... Plain and simple. No vendor, no matter how big they are with vast resources or staff and R&D funds, with large honey pots, or how small and dynamic they are with updates, patches and removal tools, can keep up with malicious virus authors.

    We need better, more secure browsers, better proactive-based protection leveraging IPS-like technology, firewalls NEED to be enabled, and for Christ's sake, stop being assigned the "Administrator" role.

    Some AV vendors have gone down the route of a whitelist, rather than a blacklist of bad apps. There are 10x or more bad things than good things, so they are moving towards community-based feedback, weighted scores, and allowing trusted apps. Think cloud security...
    unredeemed
    15th Jul 2009
  • heuristic scanners
    What happens when viruses use vulnerabilities inside of whitelisted applications to tunnel past your firewall and a/v? They already do it with IE and svchost frequently.

    One needs a virus scanner with strong "heuristic" scanning which uses algorithms to detect malware "in the wild". Best one I know of is Nod32 from Eset.

    Unlike definition based scanners you don't need to wait for the a/v company to analyse the virus before they can catch it. (and yes, keep those firewalls running)
    zathrus@...
    15th Jul 2009
  • Threatfire
    I recommend Threatfire for real-time behavior-based protection.

    Will run with your regular AV application.

    http://www.threatfire.com/download/
    kyron.gustafson@...
    16th Jul 2009
  • White lists are good, but ....
    Most of us are smart enough to NOT go into an unknown dangerous looking neighborhood, but in the virtual web world nothing seems dangerous until it is too late.
    Social engineering (like Bernie Madoff) can get even the most intelligent of us.
    A secure, non-modifiable OS setup appears to be the simplest solution.
    kd5auq
    15th Jul 2009
  • Tough job, but they are paid to do it.
    I guess end users just need to learn to adjust their use of the software depending on the consumer reports results... just like with cars.
    Been_Done_Before
    15th Jul 2009
  • Best weapon is an informed user
    Just like predators in nature go for the sick, injured or otherwise weak members of the herd, malicious computer users go for the weak, uninformed "average" users. People need to be trained to recognize malware. But it's no easy task and most people don't want to commit the time. So, it's a self-perpetuating system, and people want the quick fix with anti-virus software that at best will only catch 70% of the malware. These people put their anti-virus software to the test and quickly realize that it's often not up to snuff.

    Anti-virus software is like body armor. It protects you most of the time, but it doesn't work against all rounds. And they are always developing armor-piercing rounds. So, the point is not to get hit.

    But marketeers don't want to market their software as bullet-resistant. They want to pretend like they're selling you a tank when really it's at best some Kevlar. And those users that think their AV software is a tank are usually the ones to run headstrong into a firefight. Uninformed users...
    Uncle Ebeneezer
    15th Jul 2009
  • RE: Major antivirus engines failing to detect malware
    Which ones failed at malware and which ones worked most often?
    john00027@...
    15th Jul 2009
  • RE: Major antivirus engines failing to detect malware
    Which engines worked and which ones failed most often for Malware?
    john00027@...
    15th Jul 2009
  • Could you tell us exactly which "Major antivirus engines" failed?
    The headline of this blog indicates that certain major antivirus engines failed to detect malware.

    Which ones?

    Are you not telling us because either:

    (a) they are advertisers, or,

    (b) you don't know which ones?
    Speednet
    16th Jul 2009
  • Duh!
    Onerous job notwithstanding, AV engines have focused on viruses, not malware. No one has done a decent job keeping malware at bay.
    bruce@...
    16th Jul 2009
  • RE: Major antivirus engines failing to detect malware
    Malwarebytes is the best malware remover on the market.
    malcatraz
    16th Jul 2009
  • Malwarebytes not great on viruses
    Malwarebytes is not great on viruses. I ran the free version of PC-Tools AFTER a client had used Malwarebytes and the machine was still infected. PC-Tools fixed it.
    bobpeg
    17th Jul 2009
