Story image

(Win32/)Induc-tive Reasoning

08 Sep 2009

While we do have statistics from our Threatsense.net technology, we don’t give out absolute numbers for malware detections, as that sort of statistic is more confusing than helpful. The feedback mechanism involves a large but self-selecting population of ESET-protected machines, and doesn’t necessarily reflect the situation among the total population of PCs accurately: it’s never more than a trend indicator, so any extrapolation to a global figure is guesswork.

However, I can tell you (as I told him) that when we added detection of Induc.A to our products, ThreatSense.Net came in with 30,000 detection reports in 24 hours. In the UK, it accounted for 0.26% of detections in August, putting it at number 51: worldwide, it scored 0.39%, putting at number 37. That’s still a pretty significant figure, though, for a recently added detection.

As of somewhere around 2.45 on Monday, 7th September, Win32/Induc.A represented 0.64% of our worldwide detections for September so far, which putting it at number 22 in the rankings at that time. That’s as compared to 4.11% for INF/Autorun, which was the top-ranked detection. For the UK, though, the ranking was significantly less: 0.40%, at number 36. Nonetheless, incidence is increasing worldwide and in the UK.

You have to remember, though, that this is a measure of detections of infected files, not of disruption, whatever you may understand by that: that can’t really be calculated from this automated service.

  • Some of those detections will be Trojans in their own right that happen to be infected with Induc.A because they were compiled with an infected version of Delphi.
  • Some will be detections of programs that the user hasn’t tried to run, or weren’t installed because Induc was detected.
  • Many will be installations that cause minor inconvenience rather than major loss of functionality, which I guess is what the journalist was getting at.

If you look back at my recent blog post, you’ll see that the blog isn’t about a scaremongering "thousands of machines will be put out of commission" prediction, it’s about the fact that there are a lot of infected files out there (and I think the figures speak for themselves on that).

However, in most cases, removal of those files won’t cause major damage. The case where a system is actually put out of commission because an infected program is installed and can no longer run is hypothetical: I don’t expect to see lots of those, but it was important to make the point that it -could- happen because there’s a tendency to assume that Induc.A is a "harmless" virus because it can’t infect most systems. The point that people are missing is that it can affect systems without "infecting" Delphi. In most cases the effect will probably be trivial, but it will still cause some disruption.

Having said all that, though, I’d still say that a reported distribution of 4m infected files by Computer Bild constitutes serious disruption though, irrespective of whether anyone actually executed that particular program (TidyFavorites 4.1, according to John E. Dunn on Techworld).

David Harley BA CISSP FBCS CITP Director of Malware Intelligence

ESET Global

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Platform9 and Intersect partner to bring unified cloud to A/NZ
“For Intersect, Platform9 represents the single most strategic solution to a set of challenges we see expanding across the board."
Gartner: AI to reduce project management workload
80% of the work performed project management teams will be taken over by AI by 2030, starting this year.
Microsoft Teams’ eight new and upcoming features
After taking Best in Show at Enterprise Connect, Microsoft Teams will be seeing eight new capabilities over 2019.
IDC: NZ's PC market surprise growth will not last
Despite the growth witnessed at the end of 2018, IDC predicts that New Zealand’s traditional PC market in 2019 will decline by -4.4% YoY.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Vector penalised $3.5 million for excessive levels of power outages
''Given the impact electricity outages have on consumers and businesses it is crucial that lines companies have systems in place to identify and manage the risks present in their networks."
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
Microsoft offers Government free digital skills training
Upwards of 60 workshops will be offered, aimed at giving staff a vital grounding in cloud technologies, artificial intelligence and other skills.