Recently, we published the latest bulletin about the steep increase of Banker Trojans. Today we have massive amounts of malware circulating the Web and most of them are Financial/Identity Theft related. See the report: here
The increase in the volume of malware in circulation has been exponential over the last few years. In 2007 we received more malware samples than in the previous 17 years combined. Our forecasts for 2008 indicated that we would end the year with some 7 or 8 million malware strains, however, we actually ended up with over 15 million malware specimens.
To fully understand the explosive increases in samples, you must first understand the characteristics of this new, increasingly complex malware. As you may already know, we rarely face large epidemics triggered by fame-craving virus writers looking to infect thousands of computers. Instead, today's malware writers are heavily focusing on monetary gain. The goals of modern day cyber-criminals are to maximize the profit from their creations.
This is seen in the evolution of the following malware types throughout last year:
Types of malware received at PandaLabs in January 2009
As we have published several times in this blog, today, there are huge illegal businesses behind this type of cyber-crime and criminal organizations are making a lot of profit from identity and data theft.
I'd like to share with you just a glimpse of how we have been able to fight this avalanche. The model that was previously used by the entire industry was clearly unsustainable over time, as it involved technicians manually examining the malware samples received at labs. Given the rate at which malware volume was increasing, how could we possibly answer our clients' needs? How long would that take? Could we keep clients protected? How many technicians would we need in just a few years' time to be able to analyze all these samples? So, in 2006 we decided to stop working like the others and started implementing what we call Collective Intelligence.
I donâ€™t want to go into too much technical detail about this (those of you who are really interested in this subject can download the White Paper we published in early 2008: here. What we basically did was develop a system for automatically detecting, classifying and remediating malware. This approach offers a complete real-time protection for users with the minimum impact in their systems, as the entire process takes place â€œin the cloudâ€Â. Today, two years after we started implementing this technology into our products:
– We have classified over 17 million malware strains.
– We receive some 25,000 malware samples every day. With Collective Intelligence we can automatically analyze and classify 99.37% of it.
– Our current response time is 30 times shorter than two years ago.
Now that many companies are beginning to talk about cloud computing, It's amazing to think that we have implemented this technology over two years ago. The scalabilty of Collective Intelligence allows us to combat the new malware dynamic with a future proof concept, as it is clear that the number of malware in circulation will continue to grow in the future. With Collective Intelligence we can detect new malware very quickly and protect our clients in real time, which is our ultimate goal. Also, as most processes take place in the cloud, our solutions have no impact on our clientsâ€™ computers, one of the key objectives we had when developing this technology.
Finally, apart from the technological response that we, as security vendors, must offer to users, I think we also have to do everything possible to report this criminal activity, help public institutions and raise awareness among the general public to stop those that are behind the malware strains we get at our laboratories. This, however, will be the subject of another post.