Blog: More infections = a lot more malware

04 Sep 09

This tool is available freely from ESET’s website at and can be accessed by anyone to scan their system without having to install a product. Data from our online scanner is interesting because it comes from systems that are not necessarily running one of our products (or do not have any antivirus installed at all). During the last three months, more than half a million PCs were scanned using this tool, with very interesting results.

First, we discovered that when a computer is infected, an average of 13 malicious files are found on the system. A malware infection does not equal one malicious file being installed on the system – many files on an infected computer can be corrupted or infected by the same piece of malware. A computer is often not just infected with malware, it is infested. This number can be explained by the comeback of file-infecting viruses, which were considered almost extinct a couple of years ago. Modern malware families such as WMA/TrojanDownloader.GetCodec infect multimedia files, and playing any of these files will result in infection of the system. For example, if you have 500 songs on your computer and you get infected by that threat, you will have more than 500 malicious files on your PC. Another example of a current file infector is the Win32/Virut family which, in addition to infecting executable files, changes HTML files to insert an IFRAME pointing to a malicious site. Anyone viewing the modified HTML file with a vulnerable browser then becomes infected.

The second interesting point we found while analyzing our online scanner logs is that there are, on average, three malware families found on infected computers. This illustrates another trend we have been observing lately, which is “pay per install” malware distribution. Multiple malware families do not have any propagation mechanism built into their code. Instead, these pieces of malware are distributed and installed on computers by criminal gangs. Rogue antivirus programs are a very good example of such malicious software. Rogue antivirus scams typically do not copy themselves to external drives, nor do they propagate through a network. Their operators simply pay other criminal gangs every time a copy of their rogue software is installed on a PC. Back in March, the Win32/Conficker worm installed a variant of the Win32/Waledac worm on systems it infected. In turn, Win32/Waledac downloaded and installed a rogue antivirus. This is a typical scenario and explains the number of families we are seeing. This second statistic is different from the number of malicious files because each of these malware families can also infect multiple files.

Through our ThreatSense.Net monitoring system, we also gather statistics on malicious activity witnessed by computers running ESET’s antivirus software. On a daily basis, 3.3% of the computers detect and block at least one threat. If your company has 1,000 computers connected to the Internet, chances are that, during the next 24 hours, 33 of them will either try to access a malicious file on the Internet, receive something suspicious by email or be attacked by a network worm.

To sum up, we are seeing more malware per infected computer and also more malicious files on each of them. Our virus lab receives over 100,000 new pieces of malware every day. There are more malware authors than ever, and their technologies are getting better at rapidly creating new variants of malicious code. To build awareness around the problem of cybercrime and malware, ESET is launching a month-long campaign in San Francisco.

Pierre-Marc Bureau

Senior Researcher

ESET Global
