AVLab.pl Advanced In-The-Wild Malware Test - September 2025

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

And if you are in the last 5% you have probably locked down your PC and can't even access the internet 🤪
Not correct, and not a part of reality at all.

Classified and other extremely high-value systems are air-gapped and remain so forever until they are destroyed using government approved methods that include full chain of custody and video and other documentation of non-recoverable destruction. Most NATO governments and those of their ilk follow this system.

Then there are highly hardened WAN-gapped SCIFs for extreme value interconnected systems.

It is rare for personal systems to be air-gapped, but they do exist. I know a number of researchers that do use this method to secure their specific isolated systems.

Then there are those, like Alexandru Dicu, who has only five (5) firewall rules that allow him to access the internet all the time, and then only one (1) time per month he updates nothing but Windows OS. He uses, of course, WFC and it is as close to air-gapped as you can get without being air-gapped - and he doesn't even bother to harden the OS. He never loses any usability or productivity.

There are millions upon millions of systems out there that are hardened to a very high level and there is no degradation in either usability or productivity.
 
Every antivirus adds some form of hardening, I haven’t seen any solution that relies simply on chasing billions of malware samples released on a monthly basis.

The hardening is usually applied through the behavioural analysis which generally has a policy enforcement “sleeve” and this is exactly your hardening.

Different vendors have different understandings of how much the system should be hardened.

When your antivirus blocks powershell spawned from Word or when it blocks kukuna.js and wscript from writing in StartMenu/Startup folder, or Adobe Reader from starting a remote thread in Chrome.exe, this is all hardening.

So everyone has their system more or less hardened, the difference is how much.

But usually the “users want to use stuff” mindset is causing these companies to go easy on it. There is a lot more that can be done.
 
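The three policy checks named in the post above (Office spawning PowerShell, a script host writing into the Startup folder, Adobe Reader opening a remote thread in the browser) are easy to express as rules over process-creation, file-creation and remote-thread events. The script below is an added example, not the poster's code and not any vendor's behavioural engine; the event records are constructed in a Sysmon-like shape (an assumption about field names) so it runs offline and shows which events the "policy sleeve" would block.

```python
"""Toy policy-enforcement checks for the three hardening rules discussed above.
Added example; the Sysmon-like event shape (type/image/parent/target fields) is
an assumption, and the sample events are constructed, not captured."""
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PDF_READERS = {"acrord32.exe", "acrobat.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Per-user Startup folder lives under this path fragment on Windows.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def _base(path):
    """Lower-cased file name of a Windows path; works on any host OS."""
    return ntpath.basename(path).lower()


def check_event(ev):
    """Return the name of the violated rule, or None if the event is allowed."""
    kind = ev["type"]
    if kind == "process_create":
        # Rule 1: an Office application must not spawn a script interpreter.
        if _base(ev["parent"]) in OFFICE_APPS and _base(ev["image"]) in INTERPRETERS:
            return "office-spawns-interpreter"
    elif kind == "file_create":
        # Rule 2: wscript/cscript must not drop files into the Startup folder.
        if _base(ev["image"]) in SCRIPT_HOSTS and STARTUP_MARKER in ev["target"].lower():
            return "script-host-writes-startup"
    elif kind == "remote_thread":
        # Rule 3: a PDF reader must not create threads inside a browser process.
        if _base(ev["source"]) in PDF_READERS and _base(ev["target"]) in BROWSERS:
            return "reader-injects-browser"
    return None


def evaluate(events):
    """Run every event through the rules; return (event id, rule) for each hit."""
    return [(ev["id"], rule) for ev in events if (rule := check_event(ev))]


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"id": "e1", "type": "process_create",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": "e2", "type": "process_create",            # user-launched, allowed
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": "e3", "type": "file_create",
     "image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kukuna.js"},
    {"id": "e4", "type": "file_create",               # ordinary document, allowed
     "image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
    {"id": "e5", "type": "remote_thread",
     "source": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     "target": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"id": "e6", "type": "remote_thread",             # OS component, allowed here
     "source": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]

if __name__ == "__main__":
    for event_id, rule in evaluate(SAMPLE_EVENTS):
        print(f"{event_id}: blocked by {rule}")
```

Only e1, e3 and e5 trip a rule; the identical PowerShell launch from Explorer (e2) passes, which is the point of parent/child policy rather than blocking an interpreter outright. Real products key on many more attributes (signer, command line, integrity level), but the structure is the same.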
Home users have been pretty safe for at least 10 years.

Over the past decade, North Americans have faced steadily rising rates of digital device infections, identity theft, and financial losses from cybercrime. Malware infections have surged globally, identity theft reports have more than doubled, and financial losses in the U.S. alone have climbed from under $3 billion in 2015 to over $16 billion in 2024.

📊 Ten-Year Trends in North America

Category | 2015–2017 | 2018–2020 | 2021–2022 | 2023–2024 | Key Notes
Digital Device Infections | Billions of malware detections globally (~5B/year) [deepstrike.io] | Slight dip during pandemic (~5.4B in 2021) [deepstrike.io] | Stabilized (~5.5B in 2022) [deepstrike.io] | Sharp rise: 5.8B (2023), 6.2B (2024) [deepstrike.io] | Mobile malware surged; Android devices 50× more likely to be infected than iOS [deepstrike.io]
Identity Theft Reports (U.S.) | ~2.6M reports in 2014 [Security.org] | ~3.5M reports in 2019 [Security.org] | ~4.7M reports in 2022 [IdentityTheft.org] | 5.7M reports in 2024; 1.4M were identity theft [IdentityTheft.org] | Identity theft cases grew ~85% over the decade [Security.org]; most common type: credit card fraud [ConsumerAffairs]
Financial Losses (Cybercrime, U.S.) | ~$1.1B losses in 2015 [Statista] | ~$2.7B losses in 2018 [Statista] | ~$6.9B losses in 2021 [IdentityTheft.org] | $12.5B losses in 2023 [Statista]; $16B losses in 2024 [FBI, Security.org] | Investment fraud & business email compromise caused largest losses [Statista]

🔑 Key Insights

  • Device Infections: Malware infections remain pervasive, with over 6 billion detections annually by 2024. The rise of IoT and AI-driven malware has accelerated infection rates [deepstrike.io].
  • Identity Theft: The FTC reports identity theft cases nearly tripled in the past decade, with a new victim every 22 seconds in 2025 [IdentityTheft.org]. Credit card fraud dominates, but government benefits and bank transfer fraud are increasingly costly [ConsumerAffairs, Security.org].
  • Financial Losses: Cybercrime losses in the U.S. grew more than 5× in ten years, hitting $16 billion in 2024 [FBI, Statista, Security.org]. Older adults (60+) suffered the largest financial losses, nearly $5 billion in 2024 [FBI].

⚠️ Risks & Considerations

  • Underreporting: The FBI estimates only ~15% of cybercrime incidents are reported [Security.org], meaning actual losses and infection rates are likely far higher.
  • Regional Vulnerability: U.S. states like Georgia, Florida, and Nevada consistently rank highest in identity theft per capita [ConsumerAffairs].
  • Attack Evolution: Criminals increasingly use AI, deepfakes, and sophisticated phishing to bypass defenses [deepstrike.io].

In summary: North America has seen explosive growth in cyber threats over the past decade. Malware infections are measured in billions annually, identity theft reports have doubled, and financial losses have skyrocketed past $16 billion. The trajectory shows no signs of slowing, making proactive defense and fraud awareness critical.

 
Lesson two, deselect "Hide extensions for known file types" in Windows Explorer to avoid clicking any .lnk file you have not created yourself (in such a case, we do not even need to apply SRP; you are the policy).
  1. "deselect hide file extensions" to expose them in Windows Explorer is a security-savvy move
  2. "in such a case, we do not even need to apply SRP; you are the policy" - absolutely incorrect, as there are many ways to compromise a system without any interaction from the device owner/user themselves
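To make the "hidden extensions" point concrete: what Explorer displays and what the file actually is can differ in two ways, a decoy extension in front of the real one, and a right-to-left override character that reverses the visible tail of the name. The following is an added example, not code from either poster; it models Explorer's display behaviour with a small assumed set of "known" extensions and runs over constructed file names, returning the reason a name is deceptive. It also covers the .lnk special case, which the post does not mention.

```python
"""Model what Windows Explorer shows for a file name versus its real extension.
Added example with constructed sample names; the KNOWN_EXTS set is a stand-in
for the registry's registered file types (assumption)."""

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name renders

# Extensions that run code or launch something when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi", ".lnk"}
# Extensions a user expects from a media or document download.
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".pdf", ".doc", ".docx", ".jpg", ".png",
              ".txt", ".srt"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def real_extension(name):
    """The final extension, lower-cased, or '' if there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def explorer_display_name(name, hide_known=True):
    """Name as Explorer renders it.

    With "Hide extensions for known file types" on, the last registered
    extension is dropped. Shortcut files (.lnk) carry the NeverShowExt flag,
    so their extension is hidden even when that option is off; only the
    arrow overlay on the icon gives them away.
    """
    ext = real_extension(name)
    if ext == ".lnk" or (hide_known and ext in KNOWN_EXTS):
        return name[: -len(ext)]
    return name


def assess(name, hide_known=True):
    """Return a list of reasons the displayed name misrepresents the file."""
    reasons = []
    if RLO in name:
        reasons.append("right-to-left override in name")
    ext = real_extension(name)
    shown = explorer_display_name(name, hide_known)
    # Deceptive when the visible name ends in a decoy extension but the
    # file's true extension is something that executes.
    if ext in EXECUTABLE_EXTS and real_extension(shown) in DECOY_EXTS:
        reasons.append(f"looks like {real_extension(shown)} but is {ext}")
    return reasons


# Constructed sample names (not from any real download).
SAMPLES = [
    "Movie.2025.1080p.mp4.lnk",
    "invoice.pdf.exe",
    "holiday.jpg",
    "report" + RLO + "fdp.exe",   # renders roughly as "reportexe.pdf"
]

if __name__ == "__main__":
    for hide in (True, False):
        print(f"--- hide known extensions: {hide}")
        for n in SAMPLES:
            print(f"{explorer_display_name(n, hide)!r:32} -> {assess(n, hide)}")
```

Run it twice, with the option on and off: `invoice.pdf.exe` stops being deceptive once extensions are shown, but the `.lnk` sample is flagged in both modes because Explorer never shows that extension, and the override-character sample is flagged regardless of the setting. Showing extensions helps; it is not the whole policy.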
 
I'm going to say this loudly so those in the back can hear me clearly.

THESE TESTS ARE BASELINE.

Nothing more. They can not account for all variables and never will be able to. Systems specs, software, habits, networks, geolocation are among some of those variables. They simply can not account for all of it.
 
  1. "deselect hide file extensions" to expose them in Windows Explorer is a security-savvy move
  2. "in such a case, we do not even need to apply SRP; you are the policy" - absolutely incorrect, as there are many ways to compromise a system without any interaction from the device owner/user themselves
Indeed, by copy and paste of code in the Run window; the kind members of MT (of course you are not included) taught me how it happens and how to avoid it.

But here we are discussing the infection process related to a torrent download of a movie and associated files; to execute, it must be clicked.
 
I'm trying to learn to be diplomatic; being a teen from the 70's I haven't quite acclimated to the softer, more sensitive agenda of the last 45 years.
There's nothing wrong with you. You're just you. That said @Divergent does point out a profound aspect about being diplomatic in personal communications in all forms - with digital communications being the most difficult of all. It is very easy - an absolute certainty - that most communications are misinterpreted by others; they add their own meaning and intent and tell the poster what they meant and intended, and then they add a bunch of bah-junk that they bring with their cognitive biases and baggage.
 
The audiences of Bitdefender, Norton, McAfee and, as we've seen here, Kaspersky are just very wide. So it is normal for these complaints to exist; how many of them are a failure of the technology and how many of them are a behind-the-keyboard problem requires very deep investigation.
It would not take even 1,000 forensic investigations to find evidence that proves (as there have been many well designed, credible studies of this topic over the decades):

1. The majority are a "behind-the-keyboard" problem; and
2. People over-estimate the protection capabilities of all default allow security solutions.
 
And that is what makes me wonder why most members declare they do not do that, and use an updated OS and browsers, while seeking a large arsenal of security products!
Because most do not have high value data, and anyone that does and knows what they're doing:

1. Makes continuous isolated backups; and
2. Would clean install any and all digital devices if compromise is proven; and most importantly
3. They've done a bunch of things that protect their identity, finances, and other valuable assets.

Most everyone else just needs to clean install their OS - which might or it might not fix a compromise. It all depends upon the type of compromise.

Does anyone need a "large arsenal of security products"?

No. They do not. They only need knowledge gained through research, study, tinkering (labbing or real-world experience) - which is "learning by doing" - and a little bit of work determining what provides truly effective security.

This is not difficult. Most people have the intelligence and other capabilities to do it.

However, the most widely accepted way of handling security is just to install security software which way more often than not turns out to be a bad move due to the unpaid technical debt.

The part about determining "What is adequate and effective security" is left to people, most of whom are incapable of understanding, let alone knowing, what is and what is not effective and all the holes that exist in even highly effective security.
 
However, the most widely accepted way of handling security is just to install security software which way more often than not turns out to be a bad move due to the unpaid technical debt.
Yeah, I remember when I was at uni the tutor asked “what do you use to protect your information” and one of the answers was “I am using Avast Free”. It made us all laugh a little bit. Then a clarification was added “I have no money to pay”.
 
The part about determining "What is adequate and effective security" is left to people, most of whom are incapable of understanding, let alone knowing, what is and what is not effective and all the holes that exist in even highly effective security.
Even if you understand, if there is no one to provide the effective security, what exactly can you do? The current security solution providers invest 25-30% of revenues in marketing and merely 4-5% in R&D.

Usability is always prioritised.

Protection is usually a bunch of modules that rarely work together and a bunch of bells and whistles with little value.

Responses are usually limited to termination and remediation with nothing in between.

So what can the user do?

This is on the market, this is what they use.

Unless you can spin Visual Studio and write whatever you want written yourself…
 
Just blame hoomans, provide no applicable solutions to help, and order them to do research.
Security software developers and solutions providers know that PEOPLE are the problem. That's why they provide solutions, albeit highly flawed ones.

One cannot make people secure by simply providing them security software. Any parents with children that share a family Windows device with one of the "Top AV" installed on it know this fact.

Enterprises and governments know this because it is their employees and personnel that cause the vast majority of the damage.

As far as research, you're a professor - did you not study to become one? Or did you go online and ask other people to do all your work for you by providing you the answers?

You do realize that every security software provider out there implicitly expects product users to read the manual, perform due diligence, and research, right? It is what is required in all matters of IT. It is inherent to the IT culture.
 
Even if you understand, if there is no one to provide the effective security, what exactly can you do? The current security solution providers invest 25-30% of revenues in marketing and merely 4-5% in R&D.

Usability is always prioritised.

Protection is usually a bunch of modules that rarely work together and a bunch of bells and whistles with little value.

Responses are usually limited to termination and remediation with nothing in between.

So what can the user do?

This is on the market, this is what they use.

Unless you can spin Visual Studio and write whatever you want written yourself…
This is the fundamental flaw of the security software industry and "security is provided by software." The answer - or solutions - depend almost entirely upon what society allows, wants and is willing to fix, and above all else - pay for it. That's not how the world works - and why is that? It is because of people.

You can make a fighter pilot by educating and training a person. You cannot make a fighter pilot by only selling or giving them a 100+ million Euro fighter jet.

Most people who care about security just think and want "What is the best AV? I will install that." That's until some see the next AV test results and what they're using scores "only" 97% but others score higher. So they change security software. Beyond that, not much else. Then they go to the refrigerator and eat way more calories than a working mule needs. And that's it.

For those that don't have money, they use zero cost.

Who is at fault in this model? Who has the greater responsibility? Does responsibility for global problems not begin at the global societal level?
 
Does everyone have to get a diploma in cyber-security before buying a PC?
Not a diploma but probably they should know how to read, write, and do arithmetic.

This would be great for all mankind - all people should be forced to undergo extensive society-enforced analysis before they are ever permitted to procreate and have children.


Some good members here help to instruct those who do not know how to avoid malware; they deserve all respect.
There's lots and lots of good security instruction on YouTube. Much of it specific, detailed, step-by-step "How To".
 
There's lots and lots of good security instruction on YouTube
Why YT; MT forum is a great source for information, but, unfortunately, you do not like to share; I am grateful for those who generously instruct us such as Andy, Trident, SeirousHoax, and many other kind members; if I can mention them all, I would do so.
 
Don't know whether to put a 🤣 or a 💯 because both are fitting for this post. The first for demonstration with AI that still proves people are the problem , the second, well for the same reason.
I just can't... man, I don't know. It should not even require use of anything.

"Stupid is as stupid does."

     -- Forrest Gump's Mama

Most people intrinsically know from life that most every problem that they routinely encounter is caused by people.

Notice that I deliberately used the word "most" because I'll state the obvious - that means "not all."
 
I found it interesting during my time on the BD forum, that when people got malware, they were genuinely surprised and questioned why BD didn't stop it. Essentially they thought they were bullet proof because they were using "one of the best" AV's, that they probably thought they could go anywhere, click anything, and download anything and still be protected. It had to be explained to them that it can happen, even with BD.

I agreed with (loved) this comment by @Trident as IMO, perhaps the F-Secure consumer-side users know they aren't using a top-tier AV, aren't pushing it to its protection limits, aren't disabling or tweaking security features, and are a little more aware of their part regarding online security?
F-Secure (and Eset too) I feel is a more "different" choice than Norton and McAfee which everyone installs by default. The user base going for F-Secure is less likely to turn off the protections and execute helloHamoraAndMoradora.exe downloaded from goldenpaginasonlinetodays.xyz.
 