Major antivirus engines failing to detect malware

A dramatic rise in the number of e-mail viruses that slipped past major antivirus engines between late May and June was due to "aggressive" new variants of a number of Trojans, according to a new study.

Antivirus vendors are having trouble keeping up with e-mail viruses, according to a new security report.

Released Tuesday, the Commtouch Q2 2009 Internet Threats Trend Report noted a spike in the number of e-mail viruses that slipped past major antivirus engines between late May and June. The security vendor based its findings on the analysis of over 2 billion e-mail messages and Internet transactions daily in its cloud-based global detection centers.

The dramatic rise, said the Israel-headquartered security vendor, was due to "aggressive" new variants of a number of Trojans. Several outbreaks had a wide distribution, which caused malware numbers to increase exponentially from typically low quantities circulated via e-mail.

With every new malware variant, there is a window where antivirus companies recognize and implement dedicated new signatures to protect their customers, explained CommTouch. This method, however, proved inefficient with the massive growth, so security vendors resorted to generic signatures to block all variants of the same malware family, which have not been effective against the recent variants, it added.

"For the last year-and-a-half, antivirus engines effectively blocked many virus variants with generic signatures," Amir Lev, chief technology officer of Commtouch, said in a company statement. "In the second quarter, however, malware distributors introduced large quantities of new variants which are immune to these generic signatures, therefore causing sharp increases in undetected malware samples that were blocked by Commtouch."

Some of the top malware cited by CommTouch as undetected by major antivirus software, were Mal/WaledPak-A, Troj/Agent-KBE and Mal/WaledPak-A.

The report also noted a sharp rise in the number of newly activated zombie PCs or bots during the same period. For the second quarter, an average of 376,000 new bots were activated each day for malicious use.

Between April and June, Brazil had the biggest share of zombie machines, with a 17.5 percent share of global bot activity, said CommTouch.

Mac malware is also on the rise, according to the company. Last month, security researchers warned of two new attacks targeting OS X users.

Citing security software company ParetoLogic, CommTouch said in its report there was an increasing number of Mac Trojans in the wild, as malware writers expand their attack surface by including as many platforms and browsers as they can. This trend is expected to continue for the rest of the year, it added.

This article was originally posted on ZDNet Asia.