Malware Declines, Trojans Dominate
Orome1 writes "According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively. These figures have hardly changed with respect to the January data."
The problem with statistics like this from someone who offers a free antivirus scanner is that, well, people will download it as their first antivirus software, generally once they discover that antivirus might be a good idea. So that 39% is not fully representative of all computers out there, only ones where people have suddenly discovered a need for antivirus and want something free.
I don't know about you, but people only come to me for help once their computers start "slowing down" or "acting funny", and the first thing I do is install a free antivirus client for them and do a scan. And, surprise surprise, I'd say 90% of the Windows computers I've worked on have had some form of malware intrusion, in many cases pages full of them. I think I've had one co-worker have me look at a computer when she first bought it, and that was after her last computer had a really bad infection, so she wanted to make sure the new one stayed clean.
It's like the ER saying that 80% of the population they observe have severe injuries, or (oblig. car analogy) a tire shop claiming that 70% of the cars entering their shop have worn tires. Of course they do! You don't go to the ER unless you need to see a doctor RFN, and you generally don't go to a tire shop if you aren't seriously contemplating new tires. In the same vein, many (most?) people don't start taking antivirus seriously until their trial version of McNorton ran out a year ago and their computer is acting a little funny ever since that cute fluffy bunny video didn't work from that guy with the funny name in East Nowherestan.
So, honestly, I'm very surprised the number is that low.
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
If it only resides in one directory, consider yourself lucky. The last one I was dealing with (can't recall the name, but it was one of the ones that screws with your Internet connection and redirects everything to their "pay $75 and you get to use your computer again" site) put copies of itself in a half dozen places, several of them quite creative, all with different and innocuous-sounding filenames. Each one was programmed to start up, look for the existence of the others, and if one or more were missing it copied itself to them and re-established the startup for each of the missing ones.
One of them was even programmed to only check-and-restore on every five startups or so, so the whole damned thing came back while I was in the middle of catching the computer up on its Windows Updates, an hour after I thought I had the machine completely scrubbed clean. It was hiding itself under a filename that looked like a driver for the touchpad. Clever bit of thinking, actually - victim takes computer to pro, pro cleans the gunk out, victim takes machine back home and a week or so later the infection magically reappears.
Took me hours to rip out that sunovabitch. I told the user to back up their data NOW and if it came back to bring the machine back with the recovery discs so I could nuke the damned thing from orbit.
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
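An added example, not part of the comment above: a triage check for the pattern it describes, where one binary is launched at startup from several locations under different filenames. It assumes the copies are byte-identical and that the autorun entries have already been collected as (name, path) pairs; the function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_cloned_autoruns(entries):
    """entries: iterable of (autorun_name, file_path) pairs.

    Returns {sha256: [(name, path), ...]} for every hash that is launched
    from more than one distinct path. Missing or unreadable targets are
    skipped here; a real triage would report them separately.
    """
    by_hash = defaultdict(set)
    for name, path in entries:
        try:
            full = os.path.normcase(os.path.abspath(path))
            by_hash[sha256_file(full)].add((name, full))
        except OSError:
            continue
    return {h: sorted(v) for h, v in by_hash.items()
            if len({p for _, p in v}) > 1}


def build_constructed_sample(root):
    """Constructed sample: three autorun targets, two of them byte-identical."""
    files = {
        "drivers/tpad_helper.exe": b"constructed-sample-payload",
        "profile/updater_svc.exe": b"constructed-sample-payload",
        "apps/editor.exe": b"unrelated-program",
    }
    entries = []
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        entries.append((os.path.basename(rel), path))
    return entries
```

Any group it returns means every path in that group has to be removed in the same pass, together with its startup entry, before the next reboot.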
Which operating system allows this?
Any operating system that lets you install your own software is vulnerable to Trojans. Most Linux distributions would be less vulnerable if you can get the user to understand how to only ever install software from the official repositories, but a stupid user is going to follow the instructions on some random website to get new screen savers no matter what operating system they're using.