Security Analysts Disproportionate in their Investigation of Malware

The forms of malware most frequently investigated by security analysts are not the ones most widely used by cyber-attackers, according to a new study by Kaspersky. It revealed that whilst Backdoors (24%) and Droppers (23%) are among the top three categories in free requests sent to the Kaspersky Threat Intelligence Portal, they make up only 7% and 3%, respectively, of all malicious files blocked by Kaspersky endpoint products.

The Kaspersky Threat Intelligence Portal is a means to help analysts to better understand the background of an attack following the detection of malicious activity in order to develop effective response and remediation measures.

Anonymized statistics from the portal show that 72% of the free requests sent related to three categories: Trojans (25%), Backdoors (24%) and Droppers (23%). Although figures from the Kaspersky Security Network confirm that Trojans are usually the most widespread type of malware, Backdoors and Droppers are nowhere near as frequent in the wild as the volume of these requests would suggest.

Kaspersky attributes this disparity to a difference in focus: researchers are often interested in the final payload of the attack, whereas endpoint protection products aim to prevent attacks at an early stage, before they reach the user’s computer.

Kaspersky added that researchers could also be interested in analyzing certain kinds of threats in extra detail due to factors such as their novelty and media coverage.

Denis Parinov, acting head of threats monitoring and heuristic detection at Kaspersky, said: “We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves in over other programs, is extremely low – less than 1%, but it is traditionally among the most widespread threats detected by endpoint solutions.

“This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”
