Viruses only cause an impact for 24 hours as rogueware variants continue to grow

News by Dan Raywood

Over half of all new viruses will only last 24 hours.

According to PandaLabs, Panda Security's malware analysis and detection laboratory, 52 per cent of the 37,000 samples of malware spread and try to infect users for just 24 hours. It claimed that the reason for this lies in hackers' motivation to profit financially from malware as they try to ensure their creations go unnoticed by users and security solution vendors.

PandaLabs claimed that just 24 hours after hackers put any strain of malware into circulation, they modify its code so that it can continue to spread without being detected by security companies.

Luis Corrons, technical director of PandaLabs, said: “This is a never-ending race which, unfortunately, the hackers are still winning. We have to wait until we get hold of the malware they have created to be able to analyse, classify and combat it.

“In this race, vendors that work with traditional, manual analysis techniques are too slow to vaccinate clients, as the distribution and infection span is very short.” 

Meanwhile, a report named ‘The Business of Rogueware’ by PandaLabs researchers Luis Corrons and Sean-Paul Correll revealed that there are approximately 200 different ‘families’ of rogueware, and it expects the variations to continue to grow.

In the first quarter of 2009 alone, it detected that more new strains of malware were created than in all of 2008. The second quarter painted an even bleaker picture, with the emergence of four times as many samples as in all of 2008.

For the third quarter of 2009, PandaLabs estimates a rogueware total greater than that of the previous 18 months combined.

Rogueware, or fake anti-virus, consists of any kind of fake software solution that attempts to steal money from PC users by luring them into paying to remove nonexistent threats. PandaLabs predicts that it will record more than 637,000 new rogueware samples by the end of the third quarter of 2009, a tenfold increase in less than a year.

It claimed that approximately 35 million computers are newly infected with rogueware each month (approximately 3.50 per cent of all computers), and cybercriminals are earning approximately $34 million per month through rogueware attacks.

It claimed that the primary reason for the creation of so many variants is to avoid signature-based detection by (legitimate) anti-virus programs. Behavioural analysis, which works well with worms and Trojans, is of limited use against this type of malware because the programs themselves do not act maliciously on computers, other than displaying false information.

However, PandaLabs has started to identify more advanced malware variants that are using typical Trojan features, rootkits and other techniques to subvert virus detection technologies.

PandaLabs' research reveals that the affiliates are mostly Eastern Europeans recruited from underground hacking forums. They earn a variable amount per install and commissions of between 50 and 90 per cent on completed sales.

Corrons said: “Rogueware is so popular among cybercriminals primarily because they do not need to steal users' personal information like passwords or account numbers in order to profit from their victims.

“By taking advantage of the fear in malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream.”

