There's less malware being created, but what's left is much smarter

While the anti-virus industry developed 1,381,967 new virus signatures to detect and block all new malware in the first half of this year – which is an all-time high – that was still only marginally bigger (3.9%) than the 1,330,146 new malware types that were found in the six months before, the report found. Analysts at G Data SecurityLabs think the growth of malicious programs will completely stabilize soon, with the industry seeing the aforementioned 2.5 to 3 million new threats every year from now on. However, quality will triumph over quantity in the underground economy.

“It has to, because people are understanding the online dangers better and are getting more cautious every day”, said Eddy Willems, security evangelist at G Data. “In order to be successful as a malware writer, more time and thought needs to be put into creating even more deceitful and convincing schemes. And we, as part of the AV industry, have our work cut out for us.”

During the past 10 years, writing malware seemed to have become an easy but lucrative trade. But thanks to security training and media coverage, potential victims have wised up. “This seems to have its effect on the malware writing profession now. Only the smarter malware writers, who manage to change their way of working along with the changing circumstances, seem to be surviving economically”, Willems said.

This, he explained, is simply Darwinism: “Adapting quickly to survive the changing circumstances is pretty much the definition of Darwin’s evolution theory.”

G Data identified modern banking trojans as a good example of smarter malware. “Most past attack schemes were relatively simple”, Willems observed. “For example, when a victim logged into online banking, they were prompted to enter a large number of TANs, which were then forwarded to the attacker. Newer methods are more sophisticated: In the so-called Automatic Transfer System (ATS) scheme, the entire theft takes place without customer interaction. Account balances and lists of transactions are also manipulated in such a way that the victim does not notice the theft.”

Android presents high-quality vectors on the mobile side as well. In 2011, most of the malware for mobile devices was found on websites or on third-party app markets – a red flag for a savvy consumer. But 2012 marked the appearance of completely reprogrammed or even new original apps that provided the full scope of functions advertised and were thus accepted to the Android Market, while also containing hidden malicious functions. “This had the effect that even the official Google Play Store could distribute malware for several days or even weeks before it was discovered”, said Willems.

G Data noted that the best example of why quality is more important than quantity for malware writers is the Flashback virus for Apple. “In the first half of 2012, there have been only a few viruses for Mac OS”, Willems said. “In fact, there were fewer new threats for Apple this semester than there were in the two previous semesters. But one high-quality virus, Flashback, did the trick. It infected more Apple machines (well over 600,000) than have ever been infected before.”
