Malware Declines, Trojans Dominate
Orome1 writes "According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively. These figures have hardly changed with respect to the January data."
"Only" 39 percent. (Score:3)
So that's how many hundred million bots?
Re:"Only" 39 percent. (Score:5, Insightful)
The problem with statistics like this from someone who offers a free antivirus scanner is that, well, people will download it as their first antivirus software, generally once they discover that antivirus might be a good idea. So that 39% is not fully representative of all computers out there, only ones where people have suddenly discovered a need for antivirus and want something free.
I don't know about you, but people only come to me for help once their computers start "slowing down" or "acting funny", and the first thing I do is install a free antivirus client for them and do a scan. And, surprise surprise, I'd say 90% of the Windows computers I've worked on have had some form of malware intrusion, in many cases pages full of them. I think I've had one co-worker have me look at a computer when she first bought it, and that was after her last computer had a really bad infection, so she wanted to make sure the new one stayed clean.
It's like the ER saying that 80% of the population they observe have severe injuries, or (oblig. car analogy) a tire shop claiming that 70% of the cars entering their shop have worn tires. Of course they do! You don't go to the ER unless you need to see a doctor RFN, and you generally don't go to a tire shop if you aren't seriously contemplating new tires. In the same vein, many (most?) people don't start taking antivirus seriously until their trial version of McNorton ran out a year ago and their computer is acting a little funny ever since that cute fluffy bunny video didn't work from that guy with the funny name in East Nowherestan.
So, honestly, I'm very surprised the number is that low.
Re: (Score:1)
How many of those pieces were 'malicious' tracking cookies used to inflate the effectiveness of the scanner?
Sure, tracking cookies are irritating, but they aren't really the same thing as a botnet or whatever.
Re: (Score:3)
Well I guess ya disproved the myth that Windows users can't make use of multiple cores...
Re: (Score:2)
Which operating system allows this? And why can't we recover the cost of their ineptitude from the manufacturer?
Re:"Only" 39 percent. (Score:4, Insightful)
Which operating system allows this?
Any operating system that lets you install your own software is vulnerable to Trojans. Most Linux distributions would be less vulnerable if you can get the user to understand how to only ever install software from the official repositories, but a stupid user is going to follow the instructions on some random website to get new screen savers no matter what operating system they're using.
Re: (Score:2)
The Windows update reboot loop issues... Got to love MS
http://support.microsoft.com/kb/949358 [microsoft.com]
I love their answer too... run a repair install. Most of the time I've seen this occur is because there is a file permission error and their stupid fucking update mechanism can't figure out that it needs to rollback the update, skip it, and report to the user what the problem is. I love how numerous updates leave random directories in the root drive that can't be deleted unless you take ownership and set full access
Re: (Score:2)
Please stop blaming the O/S. In my experience, malware problems are 1% system + 99% uneducated user.
I've run every version of Windows since 3.11 (and a few versions of DOS before that). Never had so much as a single malware issue. I'm sure many here would say the same.
Maybe every O/S installer should end with an exam. If you pass the exam, you get admin. If not, you get a 1-800 number.
Actually he was blaming the vendor.
An analogy could be made that selling an OS to what you nicely call an "uneducated user" is like selling firearms to children. The difference, of course, is that a firearm manufacturer which deliberately did that would face liability. The software company? Not only do they face no liability, they get to advertise "easier to use THAN EVAR! No expertise required!" in order to increase sales.
Re: (Score:2)
I mean for god sake my mother, yes my mother, installed Windows herself the last time, and she has zero expertise. So there may be some truth to the whole "easier to use THAN EVAR! No expertise required!" statement.
Re: (Score:2)
How typical of Slashdot. When confronted with an analogy, you have a couple of choices. You either understand the point that is being made, or you nitpick the analogy. Excellent choice, sir.
If selling an OS to an idiot typically resulted in death there would be a lot of dead idiots.
The point, you know that thing you
Re: (Score:1)
It isn't unreasonable to point out that if one is to compare the selling of guns to the selling of computer software then one should keep in mind that the potential risks are different.
You're trying to claim, by way of analogy, that because we don't allow situation A, and situation A is similar to situation B, we therefore shouldn't allow situation B to occur. Therefore situations A and B should be comparable in magnitude of effect as well as in form.
Re: (Score:2)
It isn't unreasonable to point out that if one is to compare the selling of guns to the selling of computer software then one should keep in mind that the potential risks are different.
You're trying to claim, by way of analogy, that because we don't allow situation A, and situation A is similar to situation B, we therefore shouldn't allow situation B to occur. Therefore situations A and B should be comparable in magnitude of effect as well as in form.
Actually I never said either one should be allowed. I never said either one should be banned. I merely observe that this company in this industry gets away with things that we would call irresponsible for other companies in other industries.
Apparently analogies are a real tough thing on this site. The point was, these practices are similar in principle. They are different in effect; a malfunctioning malware-infested computer isn't going to shoot someone.
I realize we're not a society that celebrates abst
Re: (Score:1)
"easier to use THAN EVAR! No expertise required!"
Let me guess, you bought your copy of "Windoes" from the same place you bought that "genuine Rollecks" watch.
Re: (Score:2)
If cars were just as unreliable and maintenance prone... Yes. You can drive a car for years just by putting gas in the tank and taking it in for an oil change. You can hardly go 30 days without a computer needing some kind of maintenance to avoid catastrophe.
Also people get trained and tested on their ability to drive a car. The car analogy doesn't work well because people are at least trained in normal operatio
Re: (Score:2)
What are you talking about? Much of the improved security of Windows 7 had more to do with checking buffer bounds, sanitizing input, better utilization of hardware features like the NX bit, access controls, etc, etc. When developers write tests for functions and fuzz [wikipedia.org] their products, and use static analysis tools, code quality goes up and it becomes harder to exploit.
Microsoft apologists like to throw their hands up in th
Re: (Score:2)
Did you miss the part that Peter and AV friends created vulnerabilities [arstechnica.com] by using such hooks? Meanwhile, the same kernel hooks that all these security companies are bitching about aren't needed or used by MSE. That's right, the software you speak so highly of and want MS to roll out because it's
Re: (Score:1)
Which operating system allows this?
Please stop blaming the O/S.
Actually he was blaming the vendor.
I think you missed something.
Re: (Score:2)
All of them.
Increasing numbers of Trojans? (Score:3)
Re: (Score:2)
I blame the UN/Satanic New World Order/Illuminati population control conspiracy...
If there ever was or is a population control conspiracy it's not working. The world population is still growing at an unsustainable rate.
Re: (Score:2)
I blame the UN/Satanic New World Order/Illuminati population control conspiracy...
I blame the University of Southern California.
There's definitely a sharp decline (Score:2)
Re: (Score:2)
According to some research released by Brian Krebs, most exploits are Java based. Other research suggests that something like 70% of PCs have critical remotely exploitable conditions (plugins in browsers mostly.)
If infections fell recently it's probably because companies like MS, AVG, etc are doing a better job catching malware before it infects people. Joe User doesn't understand that he needs to also update his Java and his Adobe products.
Re: (Score:1)
Other research suggests that something like 70% of PCs have critical remotely exploitable conditions (plugins in browsers mostly.)
...which is why I have Firefox configured to disable the Adobe PDF plugin and simply download PDF files. If I wanted to download a PDF file, I can open it, but a drive-by exploit can't just fire up the Adobe in-browser plugin without any permission.
Serious question (Score:1)
I've cleaned others' PCs for forever and a day, and I've always wondered about this.
malware = malicious software
trojan = malicious software pretending to be good software
However, most of my experience with so-called malware is things like fake virus scanners and browser bars and weather gadgets, etc. To me that seems pretty trojan-esque.
Does it have to contain a hijacking element in order to be considered a trojan? That would make sense for the analogy, but I've never heard it described that way.
Re: (Score:3)
A trojan opens backdoors in the system, so the controller can either hijack your computer or send more malware your end. If it doesn't do that, it's not a trojan.
So a virus which pops up "VIRUSES DETECTED! BUY THIS PRODUCT" is malware but not a trojan.
Think about the Trojan horse in the Greek myth, when it got in, it opened the gates for worse things to come.
Re: (Score:2)
The ones which I saw/cleaned up myself didn't get additional malware, they just contented themselves with popping up ads and slowing the system down to a halt.
But yeah, if it gets more malware in - then it's a trojan. Yeah the line is blurry.
Re: (Score:1)
These days, pretty much anything that isn't a virus or a worm but is malicious is dumped into the trojan bin.
Re: (Score:1)
Yep that makes perfect sense, thanks :)
Re: (Score:1)
most of my experience with so called malware is things like fake virus scanners and browser bars and weather gadgets, etc.
I worked a job with an AV company doing tech support, and this is most people's experience. And for a good reason, too - these are the ones you notice. Many of these are written in order to spook someone into thinking that they need to buy something by displaying a "Windows has detected viruses!!!!11!" message, so that they will purchase SuperWindowsAV2011 (or some other similarly named "product"). But the thing that really makes me worry is that if the malware is well written and designed to go unnotice
Re: (Score:2)
There are many times when what they would call "marketing", I would call "fraud". Apparently it's legal, too.
Re: (Score:3, Interesting)
If it only resides in one directory, consider yourself lucky. The last one I was dealing with (can't recall the name, but it was one of the ones that screws with your Internet connection and redirects everything to their "pay $75 and you get to use your computer again" site) put copies of itself in a half dozen places, several of them quite creative, all with different and innocuous-sounding filenames. Each one was programmed to start up, look for the existence of the others, and if one or more were missin
Panda sneeze: Cute infection goes viral (Score:1)
Amazing (Score:2)
"According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month
And exactly how did 11% of them get cleaned up over the last month???
Re: (Score:1)
"According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month
And exactly how did 11% of them get cleaned up over the last month???
Format and reinstall?
But seriously, those were probably not the same computers anyway.
Re: (Score:2)
> And exactly how did 11% of them get cleaned up over the last month?
What makes you think they did? You don't imagine that these guys know or care anything about statistics, do you? All we can conclude from this is that lots of computers are infected.
Re: (Score:2)
What makes you think they did?
Sorry if my tone didn't come across sarcastically enough, but that was my intention. I in no way believe their numbers, certainly not that they dropped from 50 to 39%. Something is obviously amiss with their methodology.
The way that I interpret that data (Score:1)
Panda Security software must be installed on all the computers that it scanned. So if 50% of those computers had infections last month and 39% of them STILL have infections now, then I conclude that Panda Security software is surprisingly ineffective against malware and trojans.
Microsoft Security Essentials / Windows Update (Score:1)
I wonder if this has anything to do with Microsoft's recent inclusion of MSE in Windows Update. It's been a little while now since this happened, maybe it's starting to make a difference.
http://it.slashdot.org/story/10/11/05/205256/MS-Adds-Security-Suite-To-Update-Service-Antivirus-Rival-Objects [slashdot.org]
Re: (Score:2)
Well McAfee was just purchased by Intel. I'm sure they realize the software market is being squeezed by MSE/forefront. But on the other hand, they have the unique position of being able to look at things from the hardware side. Perhaps there will be a need/market for core AV strengths in the new world of mobile devices and cloud computing hardware. Perhaps hardware encryption, better app sandboxing, etc will play a role. Tighter hardware/software integration could be a key feature in moving towards safer en