- Oct 2, 2020
- 451
Is this chart a chart of new malware or chart of total malware as described above the chart? If it's indeed representing total malware than the number of new malware for past few years is similar.
How big are your chances to be infected?
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
The total number of malware. The increase is about 140 mln each year (2013-2020).
- Oct 2, 2020
- 451
If we assume that bad actors replace old malware with new then old malware is not in circulation any more and actively used malware has probably not increased that much in last few years. So I don't know if that would affect a likelihood to encounter malware.
Also we could assume that most AVs would block old malware and their protection score would increase if that malware ever reached user, lowering the chance to get infected.
Well, really I'm just thinking out loud, before going to sleep, so I might be wrong.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
The infection rate for the fresh and for the widespread malware will be probably the same, but increasing the number of new malware causes more events of AV alerts. So, in the period 2021-2030 there will not be 10 alerts about fresh malware samples but rather 15. The same for widespread malware. So, the correction is required.
We will see in 10 years for sure.
Edit.
If the infection rates will decrease in a few next years due to improving the AV protection then your prediction will be true.
We will see in 10 years for sure.
Edit.
If the infection rates will decrease in a few next years due to improving the AV protection then your prediction will be true.
Last edited:
- Oct 2, 2020
- 451
That's what I'm wondering about. From chart above it seems that number of new samples is not increasing but it's steady at about 140 million new malware samples per year for past few years (assuming that chart shows total malware as old + new malware). So if old malware is replaced with new then malware in circulation stays approx. at same level (not taking into account volume of distribution).
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
Thank God you are right.
I misunderstood the table. AV-Test gives also information about 350000 new malware a day (in the year 2020), which gives 126 mln new malware a year. This is close to the 7-year tendency (140 mln a year).
So, the number of 0-day malware and wide-spread malware (one-month malware) do not change significantly. The correction is not required.
Last edited:
The number of new malware is extremely variable and not predictable. I am on dark web forums, as well as pretending to be a "needy client" on Telegram, I let hackers remotely connect to my PC and befriend them. I have many hacker tools already obtained, such as remcos, NJRAT, last night I obtained a copy of Taurus.
All these tools build a server (which can produce tens/hundreds of malware samples per day) and then this server can be distributed by various downloaders and droppers. With one server I can generate 10 K unique malware pieces, or I can not generate anything, just spread it. It all depends on hackers mood.
Each one of the options will generate a new malware sample.
Simply changing the contacted host will generate a unique malware piece as well.
Hackers are actually giving me paid editions (sometimes, like with NJRAT), which I do not misuse, but can utilise for security audit purposes.
All these tools build a server (which can produce tens/hundreds of malware samples per day) and then this server can be distributed by various downloaders and droppers. With one server I can generate 10 K unique malware pieces, or I can not generate anything, just spread it. It all depends on hackers mood.
Each one of the options will generate a new malware sample.
Simply changing the contacted host will generate a unique malware piece as well.
Hackers are actually giving me paid editions (sometimes, like with NJRAT), which I do not misuse, but can utilise for security audit purposes.
Last edited by a moderator:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
It is interesting that the number of new malware a year is approximately constant for the last 7 years. It is easy to create many malware variants. In fact, over 90% of all malware samples are kinda polymorphic, if we agree to the popular (not precise) definition: "The term ‘polymorphic malware’ refers to the types of malware that constantly change for evading detection". Yet, still the number of new malware a year does not change for several years, despite the increase of computerization.
I think McAfee's threat reports may be a more reliable source of information.It is interesting that the number of new malware a year is approximately constant for the last 7 years. It is easy to create many malware variants. In fact, over 90% of all malware samples are kinda polymorphic, if we agree to the popular (not precise) definition: "The term ‘polymorphic malware’ refers to the types of malware that constantly change for evading detection". Yet, still the number of new malware a year does not change for several years, despite the increase of computerization.
Threat Reports | Trellix
Trellix's advanced threat research reports providing in-depth insights into malware, vulnerabilities and other cybersecurity threats.
That makes 25140 per hour, 603360 per day and if the tendency continues, 18 100 800 per month.
For a whole year, this would be 217 209 600.
If next year you increase that with just 1%, that would be an increase of 2 172 096 samples or a total of 219 381 696.
Or Trend Micro
Securing the Pandemic-Disrupted Workplace: Trend Micro 2020 Midyear Cybersecurity Report | Trend Micro (US)
Our 2020 Midyear Security Roundup delves into the pertinent challenges faced amid a pandemic, including Covid-19-related threats and targeted ransomware attacks. Read more as we share how to secure systems in this increasingly precarious landscape.
Or Avast
Or Kaspersky:
IT threat evolution Q3 2020. Non-mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q3: Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe.
securelist.com
Bitdefender
How much of this malware will reach you, as a user, depends on security posture, habits, malware form, methods of propagation, hackers mood, location and many other variables.
Let me also back this up with a "for instance".
John is a regular user, who uses paid services, such as Netflix, Apple Music and others to stream contents. He doesn't use much software and has never had an alert from his antivirus product in the past 5 years.
John is looking for a specific movie, which is not available in his region, so a friend of his tells him about torrenting.
"Bro I find everything on torrents, just google <movieName torrent> and it will come up, I'm telling you"
John follows the advise and searches on Google. He opens the first result, and downloads a suspicious *.exe.
This exe is not a movie, but rather a brand new ransomware downloader.
Behavioural blocker detonates the malware in few minutes, but files are already encrypted.
This is a very innocent scenario in fact, John may have downloaded a credentials stealer and his bank account may have ended up drained.
It even happened to me, I shopped on a friend's computer once, as soon as I finished shopping, my bank notified me about a transaction of £157 for "Diesel Online Store, Milano, Italy" when I was actually shopping for a vape. This was of course blocked.
When I scanned the PC, I found Dridex was running and his AV was expired.
So from the example above, we can see how CHANGE OF HABITS and one simple mistake might render an average, not-so-unsavvy user infected, even though for the past 5 years he never had an infection.
Conclusion: with so many variables in users behaviour, current trends (what's going on in the world), malware form and malware authors skills, it is completely impossible to predict accurately how big your chances of infection are tomorrow, even less in 10 years from now.
Security is to be taken seriously.
Last edited by a moderator:
- May 29, 2018
- 2,728
Norton scores so well in those tests, but always ends being infected on malware hub samples
- Aug 17, 2014
- 11,111
That's wrong for sure, Norton has been infected sometimes recently in the Malware-Hub, but never almost every time as your comment looks like to meNorton scores so well in those tests, but always ends being infected on malware hub samples
Norton got infected once last month:
Clean/Protected:
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
Unfortunately, it is hard to find other sources than AV-Test, that present the several-year statistics of total malware growth. Although the numbers are different for different sources, the most important is the linear tendency in total malware growth. I found similar statistics for malware infections and malware attacks, but these are different categories. So far, I did not found the statistics about the total malware growth, which was not approximately linear (for 7 last years).
Last edited:
You can have a look at Symantec Internet Security Threat report archives to see how much new malware they discover every year and calculate it, but don’t expect to see arithmetic progression there. Numbers will be totally random.
Last edited by a moderator:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
New Malware Variants (Added Each Year)
2013 252
2014 317
2015 431 (355) <----- two reports give different values.
2016 357
2017 670
2018 246
Yes. Pretty much random. Could not find data from 2019 and 2020.
2015 Internet Security Threat Report, Volume 20 (broadcom.com)
istr-21-2016-en (broadcom.com)
istr-22-2017-en (broadcom.com)
istr-23-2018-en (broadcom.com)
istr-24-2019-en (broadcom.com)
It looks like there is a change and they now do smaller, incremental reports for few months.New Malware Variants (Added Each Year)
2013 252
2014 317
2015 431 (355) <----- two reports give different values.
2016 357
2017 670
2018 246
Yes. Pretty much random. Could not find data from 2019 and 2020.
2015 Internet Security Threat Report, Volume 20 (broadcom.com)
istr-21-2016-en (broadcom.com)
istr-22-2017-en (broadcom.com)
istr-23-2018-en (broadcom.com)
istr-24-2019-en (broadcom.com)
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
These tests use fresh samples only for the Real-World scenario. The Malware Protection tests are made on widespread samples (usually several days old). Malware Hub is a Malware Protection test for fresh samples. So, we have three different testing scenarios. From a couple of months, I can see also URL tests in MH and Norton scorings are very well.Norton scores so well in those tests, but always ends being infected on malware hub samples
Norton has very good scorings in the Real-World scenario due to the web-protection based on reputation. This is like testing any other AV with Edge web browser (SmartScreen reputation and PUA protection enabled).
Yes, it traps PEEXE files in a scenario where if they mutate too little, they will be identified by standard antivirus. If they mutate too much, they become totally unknown and get removed. Because real-world protection test, as well as other tests most probably only use PEEXE files, it's normal that Norton will get great results, whereas in the Hub I am frequently seeing scripts and Java malware amongst others.
- May 29, 2018
- 2,728
Lol, i had to go throught 4 months of malware hub and yes youre correct, maybe i have been dreaming since i always make fun of my friend using norton....sorryThat's wrong for sure, Norton has been infected sometimes recently in the Malware-Hub, but never almost every time as your comment looks like to me
Norton got infected once last month:
Clean/Protected:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
Having the data from the OP (chances_to_be_infected.txt) we can compare the infection rates for the years 2019 and 2020 to see if they are changing.
The number of Real-World samples tested in the year 2019 (AV-Test + AV-Comparatives + SE Labs):
309+277+307+368+335+331+ 752+703+ 400 = 3782
The number of Real-World samples tested in the year 2020 (AV-Test + AV-Comparatives + SE Labs):
402+304+339+370+334+ 754+758+ 300 = 3561
The number of Malware-Protection samples in the year 2019 (AV-Test + AV-Comparatives):
13668+6572+2428+13521+25933+20428+10970+10556 = 104076
The number of Malware-Protection samples in the year 2020 (AV-Test + AV-Comparatives):
20606+20236+21851+13571+12316+10249+10102 = 108931
Missed samples 2019
1. Norton..............(2_______2)
2. TrendMicro.....(7_______0)
3. Avira..................(15______9)
4. Microsoft........(12_____13)
5. F-Secure..........(12_____25)
6. Kaspersky.......(14_____24)
7. McAfee............(35_____30)
8. Avast................(26_____57)
r1=(2+7+15+12+12+14+35+26)/3782 = 0,033
R1=(2+0+9+13+25+24+30+57)/104076 = 0.0015
Missed samples 2020 (up to October)
1. F-Secure............(4_______1)
2. Norton...............(6_______2)
3. Kaspersky.........(4_______5)
4. Avast..................(11______2)
5. Microsoft..........(24_____12)
6. Avira...................(27_____17)
7. McAfee..............(41______7)
8. TrendMicro......(4_____257)
r2= (4+6+4+11+24+27+41+4)/3561 = 0.034
R2=(1+2+5+2+12+17+7+257)/108931= 0.0028
The results for Real-World infection rates (r1 and r2) are equal in the range of the expected error. If we would increase the total number of missed 0-day samples in the year 2019 by 5 then the infection rates for Real-World samples will be the same (0.34).
Because of the Trend Micro results, the infection rate R2 for Malware Protection tests in the year 2020 is greater as compared to the year 2019 (R2 ~2 * R1). Anyway, this infection rate is much smaller than for Real-World tests. Without Trend Micro, we could get the opposite result (R1 ~3.5 * R2). So, we cannot say for sure if the infection rate R is really growing with time.
The number of Real-World samples tested in the year 2019 (AV-Test + AV-Comparatives + SE Labs):
309+277+307+368+335+331+ 752+703+ 400 = 3782
The number of Real-World samples tested in the year 2020 (AV-Test + AV-Comparatives + SE Labs):
402+304+339+370+334+ 754+758+ 300 = 3561
The number of Malware-Protection samples in the year 2019 (AV-Test + AV-Comparatives):
13668+6572+2428+13521+25933+20428+10970+10556 = 104076
The number of Malware-Protection samples in the year 2020 (AV-Test + AV-Comparatives):
20606+20236+21851+13571+12316+10249+10102 = 108931
Missed samples 2019
1. Norton..............(2_______2)
2. TrendMicro.....(7_______0)
3. Avira..................(15______9)
4. Microsoft........(12_____13)
5. F-Secure..........(12_____25)
6. Kaspersky.......(14_____24)
7. McAfee............(35_____30)
8. Avast................(26_____57)
r1=(2+7+15+12+12+14+35+26)/3782 = 0,033
R1=(2+0+9+13+25+24+30+57)/104076 = 0.0015
Missed samples 2020 (up to October)
1. F-Secure............(4_______1)
2. Norton...............(6_______2)
3. Kaspersky.........(4_______5)
4. Avast..................(11______2)
5. Microsoft..........(24_____12)
6. Avira...................(27_____17)
7. McAfee..............(41______7)
8. TrendMicro......(4_____257)
r2= (4+6+4+11+24+27+41+4)/3561 = 0.034
R2=(1+2+5+2+12+17+7+257)/108931= 0.0028
The results for Real-World infection rates (r1 and r2) are equal in the range of the expected error. If we would increase the total number of missed 0-day samples in the year 2019 by 5 then the infection rates for Real-World samples will be the same (0.34).
Because of the Trend Micro results, the infection rate R2 for Malware Protection tests in the year 2020 is greater as compared to the year 2019 (R2 ~2 * R1). Anyway, this infection rate is much smaller than for Real-World tests. Without Trend Micro, we could get the opposite result (R1 ~3.5 * R2). So, we cannot say for sure if the infection rate R is really growing with time.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,510
Sorting the AVs by the sum of missed samples is not an especially good idea, because such a sum is like adding apples to oranges. Anyway, it works here for most AVs (except for Trend Micro and McAfee) if we slightly average the data (in the limit of statistical error):
1.Norton (Symantec)........... (08------04)
2.F-Secure, Kaspersky......... (17------27)
3.Avira, Microsoft................ (39------27)
4.Avast................................. (39------59)
Now the sorting is OK, similarly to the example:
1 apple + 3 oranges < 2 apples + 3.5 oranges
which is equal to:
1apple < 2 apples
and
3 oranges < 3.5 oranges.
Including McAfee and Trend Micro requires a more complex sorting method which will depend on the users' habits. For most users we should see something like that:
1.Norton (Symantec) ................................ 10 points
2.F-Secure, Kaspersky............................... 20 points
3.Avast, Avira, Microsoft, Trend Micro..... 40 points
4.McAfee ................................................... 80 points
Points ~ (missed Real-World) + 1/10 * (missed Malware Protection)
The factor 1/10 can be approximately calculated when knowing how often the user's AV alerts about Real-World and Malware Protection samples (for example a=1, b=3 parameters). This will give:
(b/a)*(7340/213000) ~ 1/10
For a=b
(b/a)*(7340/213000) ~ 1/30
1.Norton (Symantec) ................................ 10 points
2.F-Secure, Kaspersky, Trend Micro......... 20 points
3.Avast, Avira, Microsoft, ......................... 40 points
4.McAfee ................................................... 80 points
For people who use frequently flash drives, pirated software, and cracks the parameters can be a=1, b=10
(b/a)*(7340/213000) ~ 0, 345
1.Norton (Symantec) .................................10 points
2.F-Secure, Kaspersky ...............................25 points
3.Avast, Avira, Microsoft, ...........................50 points
4.McAfee, Trend Micro...............................95 points
With error += 6 points.
1.Norton (Symantec)........... (08------04)
2.F-Secure, Kaspersky......... (17------27)
3.Avira, Microsoft................ (39------27)
4.Avast................................. (39------59)
Now the sorting is OK, similarly to the example:
1 apple + 3 oranges < 2 apples + 3.5 oranges
which is equal to:
1apple < 2 apples
and
3 oranges < 3.5 oranges.
Including McAfee and Trend Micro requires a more complex sorting method which will depend on the users' habits. For most users we should see something like that:
1.Norton (Symantec) ................................ 10 points
2.F-Secure, Kaspersky............................... 20 points
3.Avast, Avira, Microsoft, Trend Micro..... 40 points
4.McAfee ................................................... 80 points
Points ~ (missed Real-World) + 1/10 * (missed Malware Protection)
The factor 1/10 can be approximately calculated when knowing how often the user's AV alerts about Real-World and Malware Protection samples (for example a=1, b=3 parameters). This will give:
(b/a)*(7340/213000) ~ 1/10
For a=b
(b/a)*(7340/213000) ~ 1/30
1.Norton (Symantec) ................................ 10 points
2.F-Secure, Kaspersky, Trend Micro......... 20 points
3.Avast, Avira, Microsoft, ......................... 40 points
4.McAfee ................................................... 80 points
For people who use frequently flash drives, pirated software, and cracks the parameters can be a=1, b=10
(b/a)*(7340/213000) ~ 0, 345
1.Norton (Symantec) .................................10 points
2.F-Secure, Kaspersky ...............................25 points
3.Avast, Avira, Microsoft, ...........................50 points
4.McAfee, Trend Micro...............................95 points
With error += 6 points.
Last edited:
Similar threads
