Tuesday

Everything is increasing

It's not only food and gasoline prices that are rising; botnets and malware are on the rise too. In my presentation, I mentioned that this has become a well organized industry. But how well are they organized?

Brian Krebs did a piece on antivirus firms struggling to keep up, and the picture accompanying it tells it all:



The rapid increase of viruses and other malware has forced the anti-virus industry to overhaul its traditional approach to writing its software, with the result that security products on the market today are far more powerful and sophisticated. But many observers say that despite all its new bells and whistles, the anti-virus industry as a whole continues to fall behind in identifying the very latest malicious software.

The challenge, security experts say, is that criminal groups responsible for manufacturing most of the malicious software in circulation today are reinvesting their illicit profits in research and recruiting talented computer programmers. A special emphasis is placed on creating malware that coexists peacefully with an infected computer system, doing its work quietly in the background.

"A lot of these [malware] shops are now hiring professionals and doing quality assurance work, things that generally make the job of the anti-virus researcher that much harder," said Randy Abrams, director of technical education at ESET, an anti-virus company based in Bratislava, Slovakia.

Quality assurance? Research and recruitment? Looking at the graph, we see an exponential explosion by the end of 2006. It seems they are having more luck recruiting IT personnel than some of our companies are. Now, a 100% protection rate against malware is unrealistic, but a lot of people think that AV products give them 90%-95% detection rates. As you can read in the next part, this is not the case:

"The problem is that we have this ongoing, unrealistic expectation that somehow we are going to detect 100 percent of the malware out there, when in fact what we have today is slightly less detection than we did, say, in the mid-1990s, when we were actually catching 70 to 80 percent of the new threats," said AVIEN's Harley.

For security researchers on the bleeding edge of defending information networks, even those less-than-stellar numbers may seem a bit inflated. Jerry Dixon, director of analysis for Team Cymru, a security research firm in Burr Ridge, Ill., said his team recently submitted more than 1,000 samples of brand new malware for scanning by 32 different commercial anti-virus products from around the globe. The result: Only 37 percent of the programs were detected as malicious by any of the products.

"The real challenge here is for people to get it through their heads that anti-virus is not a panacea, and that it's always going to fall short of identifying threats in real-time," said Trend's Perry. "The challenge for us as an industry is to try to change that perception, while at the same time integrating new threat mitigation features into our products."


I want to refer to two other papers. The first one was mentioned last month in The efficiency of anti-virus; there we could see the three virus scanners in the Google paper achieving detection rates ranging from 30% to 70%.
The second paper was from the German Honeynet Project, "Chinese Underground Economy", where they spidered the top sites displayed in google.cn. They used 9 virus scanners to scan the dropped binaries, and the best of the 9 had a detection rate of 83.6%; the other AV engines scored lower than that. These figures seem consistent with the numbers mentioned in the article above.

Now more specifically on the topic of botnets, I saw the following article from Zero Day Threat: Botnet saturation points to rising crime.

Our USA Today cover story today on botnets saturating the Internet revealed Support Intelligence’s astounding finding that, on any given day, 40% of the computers connected to the Internet are engaged in delivering spam, implanting malware, harvesting data, launching denial-of-service attacks and generally causing mayhem. On some days that rate spikes to 70%, says Support Intelligence CEO Rick Wesson.

That’s nightmarish.

IDC estimates roughly 800 million computers are connected to the Internet. A healthy Internet, says Wesson, would have less than 1%, or 8 million machines, botted. On an average day, Wesson sees more than 300 million bots engaging in nefarious activities.

Those figures seem to be somewhat on the high side, or are they?

In 2007, some 25 percent of major Vietnamese websites were vulnerable to hackers' attacks, and 95 percent of personal computers were infected with viruses.

According to BKIS (a leading local network security center in Vietnam) surveys, last year, 342 Vietnamese websites were attacked by hackers, of which 224 websites were hacked by foreigners. Meanwhile, over 33.6 million computers were infected with viruses, causing estimated losses of 2.4 trillion Vietnamese dong (150 million U.S. dollars). (Source: people.com.cn)

And that's for Vietnam only, so 300 million bots may not be completely impossible. I'd be interested to see similar figures from European countries. I'll finish with an article from ZDNet Asia: RSA sees increase in fast-flux botnets. In that article, researchers from Cambridge don't seem to reach the same conclusion and state that the number of botnets has remained stable during the last year. I'm not saying they are incorrect, but here is the latest graph from shadowserver.org:

UPDATE: Added a small part 2: Everything is increasing -- bis
