How many viruses are made by anti-virus companies?

DrBeenGolfing

Level 1
Thread author
Verified
Mar 16, 2013
582
Background

As CEO of an anti-virus company my friends and associates often ask me “Who writes all these viruses?” and hidden behind this question is the sometimes serious accusation that “You write them yourself, just to drum up business!”.

If it was only so simple… The reality is however very different. Apart from the fact that this would be morally reprehensible and also illegal, it is actually pretty easy to prove that it is technically impossible for the anti-virus companies to manufacture the sheer volume of viruses produced.

Cost/Benefit calculation

The currently produced Viruses, Trojans and Bots are the result of an enormous amount of programming work. Intentionally and unintentionally released source code only allows a rough estimate of the original effort required but one can easily assume that every new genus of Malware is the result of at least 1-3 months of programming work. New variants that are further developments of old Malware are of course easier to produce.

At Emsisoft, we add around 20,000 new Malware signatures (fingerprints) to our detection database every day, i.e. roughly half a million each month. Historical developments indicate that the number of new threats doubles each year. Emsisoft Anti-Malware currently has 5.5 million signatures in its database. This also includes many signatures that detect variants of the same Malware using generic detection, so the total number of signatures is less than the actual number of Malware programs.

If I was the CEO of an evil anti-virus company I would first need a new employee to write a Virus in the first place. I would also need someone for further development and maintenance to protect my investment by ensuring that the Virus will still run on future operating systems. Once the Virus is finally finished it would then be released into the wild and entered into the detection database of our own Antivirus software.

Great! In only one month we have managed to build one new Virus – one single Virus among 500,000 others in this month.

By now, it should be clear to everyone that it simply makes no commercial sense for us to write the Viruses ourselves. The advantages obtained through detection of one extra piece of Malware against the sheer unbelievable volume released each month are simply too small. Even when the cost of hiring programmers in dumping-wage countries is very low, it is absolutely certain that no Antivirus manufacturer can afford to do this. Even all the Antivirus manufacturers in the world together would not be able to generate the current volume of new Malware.

Well, who then is writing all this new Malware?

Sorry to say but it seems that these are people who can earn much more money writing Malware than the Antivirus sector could ever earn by writing their own Malware.

10 years ago these programs were mostly written by hackers wanting to test the realms of what was possible, but these days an enormous amount of criminal energy and hard-core commercial enterprise lies behind most Malware. A centrally controlled network of several thousand kidnapped PCs (Botnet) can be used in a variety of different ways. This massive amount of computer power can be hired as a package for various devious purposes: For sending Spam and Phishing emails, for coordinated webserver overload attacks (DDoS) in order to blackmail companies or as a proxy server network for hiding the traces of illegal activities. The largest detected Botnets such as Conficker, Rustock or Cutwail had over a million such “Zombie” computers available.

Other Malware authors attempt to convert their work directly into hard cash by encrypting important personal information and then demanding ransom money for decrypting the data (so-called Ransomware). Some Malware is directly targeted at specific companies or systems, for instance the sabotage attacks on the Iranian atomic energy program using the Stuxnet Malware at the end of 2010.

Antivirus = Virus

Another reason for the rumor that Antivirus companies write the Viruses is the increase in the number of fake Antivirus products (so-called Rogue Antivirus software). The authors of this type of Malware use names that are similar to well-known Antivirus brands to trick users into installing software that only pretends to detect Viruses. Forged detections are then used to urge the customer to purchase a “Full version”.

Conclusion

As you can see, Malware authors have many incentives to write new damaging software. All these incentives have one thing in common: They offer much greater rewards than the Antivirus companies could expect from writing their own Viruses. Quite apart from the fact that only one public example of this type of activity would be a legal, commercial and media disaster for an Antivirus manufacturer.

There is also the argument that Antivirus companies depend on the work of the Malware authors. This may be true, but our intentions lie at the opposite end of the moral spectrum and we are always doing our best to make the Internet a safer place.



Have a nice (Malware-free) day!

Christian Mairoll – CEO
www.emsisoft.com
 
ForgottenSeer 8371

I kinda suspected that too.
It's true if there are no viruses in the internet, what purpose do antivirus companies have?
Interesting article... thanks. :)
 

Nedim

Level 12
Verified
Mar 17, 2013
553
XVSkulblaka7 said:
I kinda suspected that too.
It's true if there are no viruses in the internet, what purpose do antivirus companies have?
Interesting article... thanks. :)


They'll have to change the way they do business.
I doubt it "officially" happens and is probably not part of the company policy. But nobody can legally control what employees do in their spare time. No... I do not believe in this at all... cause why would they do it?
At this point they are losing the battle against new samples so I doubt they would do this to themselves.
 
ForgottenSeer 8371

Nedim said:
They'll have to change the way they do business.
I doubt it "officially" happens and is probably not part of the company policy. But nobody can legally control what employees do in their spare time. No... I do not believe in this at all... cause why would they do it?
At this point they are losing the battle against new samples so I doubt they would do this to themselves.

Well, of course not all AV companies create viruses for their advantage, especially the most trusted ones.

For example,
Company X decides to create a virus that spreads all over the internet.
They created it so complex that the other AV companies have a hard time trying to find a way to protect from it.

But of course, since Company X created the virus, they can easily block it on their own Antivirus and claim to the public that they are the only AV company that can prevent this virus.

It's kind of like a marketing scheme.
 
ForgottenSeer 8371

It seems like a conspiracy, of some sort. haha
Even by that logic, I'm not claiming that they are REALLY creating viruses.
Just kind of like a feeling...

But rest assured that all of these AV companies are trying their best to protect their customers.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Common controversies and no AV's wanted to downfall its reputation on making viruses issues as their job is to prevent and protect users.
 

I Walk MY Way

Level 6
Verified
Well-known
May 27, 2013
281
I would not go as far as to say no AV's wanted to downfall its reputation on making viruses issues
I think some have created some,
But now there are more than enough malware writers out there making malware to steal our credit card numbers
and personal info, that most AV's have a full time job trying to protect users.
 
