Brief study shows difficulty in detecting malware
Published: 2008-11-20

Malicious coders' tactic of churning out numerous variations of a malicious program works well at defeating most antivirus defenses, a researcher at security firm FireEye stated in an analysis published on Thursday.

Stuart Staniford, chief scientist at the firm, used 217 binaries flagged as malicious by his company's product for detecting Web infections and submitted them to VirusTotal, a service that collects the responses of 36 antivirus scanners. The results showed that online attackers tend to only use a particular code variant for a short time, Staniford said in a blog post discussing the results.

"They generally create new binary packing, use that exact version for a few days to a week or so, and then discard it once it becomes widely known," Staniford stated. "The lifetime of a newly created malweb binary is a few days to a week before it is discarded."

The researcher also found that the samples submitted to VirusTotal during the three-day period of the study were only detected, on average, by slightly more than 40 percent of the antivirus scanners run by the service.

The study did not track the performance of particular scanning engines, which leaves open the possibility that a handful of anti-malware products performed much better than the statistical 4-out-of-10 result.

The number of variants of malicious software has skyrocketed in the past two years, topping 500,000 at the end of 2007 and nearing a million in June.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus