The Tech Herald

Cyveillance: More than half of the active threats online go undetected

by Steve Ragan - Sep 24 2009, 17:00

More than half of the active threats online go undetected. (IMG: Cyveillance)

Cyber intelligence-based security vendor Cyveillance recently released the results of an internal study that says, even with the latest anti-Virus protection, users have a 1-in-2 chance of being infected by Malware. In short, the report says traditional Malware protections are failing you.

According to the report, the first half of 2009 saw a huge jump in the amount of scams and fraud online, in both geographical reach and technical complexity. Likewise, Malware attacks and Phishing campaigns on social networks (Facebook, MySpace, and Twitter) moved into the mainstream.

“User protection against these scams such as traditional anti-Virus (AV), anti-Phishing browser features and other protection applications could not adequately detect and protect against new and quickly changing threats on the Internet, leaving consumers exposed to many cyber dangers,” the report says.

Cyveillance’s report on Phishing contradicts claims by IBM, Microsoft, and Symantec, who claimed a drop in Phishing attacks overall in 2009. According to the report, there were 176,864 Phishing-related campaigns over the past three months, and only 31.5-percent of newly identified phishing attacks were actually detected. The reason for the difference in opinion, Cyveillance said, is that the other Phishing reports only counted email, leaving social networks, SMS, and voice out of their findings.

On a daily basis, Cyveillance said that they detect hundreds if not thousands of new Malware attacks. To test detection rates, they fed these active attacks through thirteen of the top anti-Virus vendor offerings. McAfee scored the highest, with a detection rate of 44-percent, followed by Sophos (38%), Dr. Web (36%), Symantec (35%), Trend Micro (34%), AVG (31%), and F-Secure with 28-percent.

They tested browser security as well, using Internet Explorer, Safari, Google Chrome, and Firefox. The browser test was aimed at Phishing protections, and overall, Mozilla scored the highest. Firefox detected 54.9-percent of Phishing-related attempts upon initial discovery, and 87.1-percent after the first 24-hours. Chrome came in second, followed by Safari and Internet Explorer.

When McAfee’s SiteAdvisor was tested for Phishing protection alongside Norton’s SafeWeb, there was no contest apparently. SiteAdvisor detected 43.1-percent upon initial discovery and 52.3-percent after the first 24-hours. Norton managed to pull 4.4-percent and 5-percent in comparison.

Rounding out the report, Cyveillance said that the U.S. is the top Malware producer, followed by China, the U.K., Germany, and Russia. When it comes to Phishing, the U.S. tops the list again hosting 45-percent of attacks, followed by Canada (12-percent) and the Netherlands (7-percent).

While the numbers are hard hitting, there is still some missing information. There is no record of software versions, either for the browser or the anti-Virus software tested. Other testing methodology is missing as well, such as how heuristics, black and/or white listing, and behavior and/or protocol analysis were factored into their tests, or even if they played a role at all. What is given is the note that, “All Cyveillance phishing figures and statistics are actual measurements, not projections based upon sample datasets.”

“Cyveillance’s comprehensive monitoring technology continuously sweeps the Internet – monitoring and collecting information from over 200 million unique domain name servers, 183 million unique Web sites, 80 million blogs, 90,000 message boards, thousands of IRC/Chat channels, billions of spam emails, auction sites, bot networks and more. This approach yields the discovery of more than 100,000 new sites each day,” the report and accompanying press release noted.

This is fine, but considering the scores handed out, the missing data from the testing, and the fact that the anti-Virus industry takes a beating, it’s highly likely many vendors as well as experts will take issue with the report.

If you want to read the report, you can view it online here. Chime in on the comments and let us know what you think of it.


 
