Story image

(Win32/)Induc-tive Reasoning

08 Sep 09

While we do have statistics from our Threatsense.net technology, we don’t give out absolute numbers for malware detections, as that sort of statistic is more confusing than helpful. The feedback mechanism involves a large but self-selecting population of ESET-protected machines, and doesn’t necessarily reflect the situation among the total population of PCs accurately: it’s never more than a trend indicator, so any extrapolation to a global figure is guesswork.

However, I can tell you (as I told him) that when we added detection of Induc.A to our products, ThreatSense.Net came in with 30,000 detection reports in 24 hours. In the UK, it accounted for 0.26% of detections in August, putting it at number 51: worldwide, it scored 0.39%, putting at number 37. That’s still a pretty significant figure, though, for a recently added detection.

As of somewhere around 2.45 on Monday, 7th September, Win32/Induc.A represented 0.64% of our worldwide detections for September so far, which putting it at number 22 in the rankings at that time. That’s as compared to 4.11% for INF/Autorun, which was the top-ranked detection. For the UK, though, the ranking was significantly less: 0.40%, at number 36. Nonetheless, incidence is increasing worldwide and in the UK.

You have to remember, though, that this is a measure of detections of infected files, not of disruption, whatever you may understand by that: that can’t really be calculated from this automated service.


  • Some of those detections will be Trojans in their own right that happen to be infected with Induc.A because they were compiled with an infected version of Delphi.

  • Some will be detections of programs that the user hasn’t tried to run, or weren’t installed because Induc was detected.

  • Many will be installations that cause minor inconvenience rather than major loss of functionality, which I guess is what the journalist was getting at.

If you look back at my recent blog post, you’ll see that the blog isn’t about a scaremongering "thousands of machines will be put out of commission" prediction, it’s about the fact that there are a lot of infected files out there (and I think the figures speak for themselves on that).

However, in most cases, removal of those files won’t cause major damage. The case where a system is actually put out of commission because an infected program is installed and can no longer run is
hypothetical: I don’t expect to see lots of those, but it was important to make the point that it -could- happen because there’s a tendency to assume that Induc.A is a "harmless" virus because it can’t infect most systems. The point that people are missing is that it can affect systems without "infecting" Delphi. In most cases the effect will probably be trivial, but it will still cause some disruption.

Having said all that, though, I’d still say that a reported distribution of 4m infected files by Computer Bild constitutes serious disruption though, irrespective of whether anyone actually executed that particular program (TidyFavorites 4.1, according to John E. Dunn on Techworld).

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Global

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Company-X celebrates ranking on Deloitte's Fast 500 Asia Pacific
Hamilton-based software firm Company-X has landed a spot on Deloitte Technology’s Fast 500 Asia Pacific 2018 ranking - for the second year in a row.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Why the future of IT infrastructure is always on and always available
As more organisations embrace digital business, infrastructure and operations leaders will need to evolve their strategies and skills to keep up.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
IDC: Tablets stay dead, notebooks keep head above water
An IDC report predicts a soft personal PC market, slipping into further decline with the exception of notebooks, gaming PCs, and business PC upgrades.
The 2018 Canalys APAC Channels Forum keynote
There was a lot to unpack at the Canalys APAC Channels Forum keynote. This long-form piece tries to cover all the most relevant points for A/NZ.