The number of malware threats is growing at a frightening pace.–PC Pitstop
250,000 New Malware Threats Every Day
by Bob Rankin
250,000 New Threats Per Day?
The quarterly report is published by the nonprofit Anti-Phishing Working Group, with contributions of data and analysis from security firms such as PandaLabs, WebSense, Internet Identity, and Illumintel. Over 2,000 global corporations, government agencies, and organizations are members of APWG.
The first surprise in the PhAT Report confirmed my assumptions by blowing them out of the water. I assumed the number of different malware species was growing, but not at the rate of “an average of 255,000 new threats per day.” That’s over 23,500,000 new threats in just the last three months of 2014!
No, there aren’t that many black-hat programmers in the world. The vast majority of the new threats are minor variations on old malware. Automated “code tweakers” rapidly re-write malware to give it a slightly new digital signature while retaining its functionality. The new signature is intended to fool signature-based malware detection engines. By cranking out so many variants per day, the bad guys hope to stay ahead of anti-malware programs’ signature database updates.
Signature-based detection is still included in virtually all anti-malware programs, so the bad guys need to keep up this bombardment of variants. But other malware detection techniques that aren’t fooled by code tweaks are commonly used, too.
“Behavioral analysis” examines what software does rather than what it looks like. If, for example, a program tries to update files it didn’t create, modify the Windows registry, or replace an operating system file, it may trigger an anti-malware alert.
Of course, many legitimate programs can be caught by behavioral analysis, so “whitelists” of programs generally recognized as safe are included in anti-malware software. Generally, users can add programs to such whitelists so they will stop generating false alerts.
PC Matic, unlike any anti-malware program I have ever seen, uses a combined blacklist and “whitelisting” approach to keep computers malware-free. Programs on the blacklist are blocked and quarantined. Only programs that are on the white (good) list are allowed to run. For over three years, PC Matic and its users have been adding software to the white list maintained on PC Pitstop’s servers.—Bob Rankin
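The difference between signature matching and the combined blacklist/whitelist policy described above can be seen in a short sketch. This is an added example, not code from the article, PC Matic or PC Pitstop; it assumes a signature is a whole-file SHA-256 hash (a simplification of real engines), and the sample byte strings and function names are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for program files.
KNOWN_BAD = b"constructed sample: known unwanted program"
VARIANT = KNOWN_BAD + b"\x00"  # same content, one byte different
TRUSTED_APP = b"constructed sample: vetted office application"
NEW_APP = b"constructed sample: legitimate tool not yet vetted"

# Assumption: a "signature" is modelled as a whole-file SHA-256 hash.
BLACKLIST = {sha256(KNOWN_BAD)}
WHITELIST = {sha256(TRUSTED_APP)}

def blacklist_only(data: bytes) -> str:
    """Default-allow: only files matching a known signature are stopped."""
    return "quarantine" if sha256(data) in BLACKLIST else "allow"

def combined(data: bytes, whitelist=WHITELIST) -> str:
    """Default-deny: known-bad is quarantined, known-good runs, the rest is blocked."""
    digest = sha256(data)
    if digest in BLACKLIST:
        return "quarantine"
    if digest in whitelist:
        return "allow"
    return "block"

def compare() -> dict:
    samples = {"known bad": KNOWN_BAD, "variant": VARIANT,
               "trusted app": TRUSTED_APP, "new app": NEW_APP}
    return {name: (blacklist_only(d), combined(d)) for name, d in samples.items()}

if __name__ == "__main__":
    for name, (bl, both) in compare().items():
        print(f"{name:12} blacklist-only={bl:10} combined={both}")
    # The cost of default-deny: the new app stays blocked until it is vetted
    # and added to the whitelist.
    print("new app after vetting:", combined(NEW_APP, WHITELIST | {sha256(NEW_APP)}))
```

The variant passes the blacklist-only check but is blocked under the combined policy, while the unvetted legitimate tool shows the trade-off: it stays blocked until someone adds it to the whitelist.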