
Virus trends in recent years

When viruses started to appear in the 1990s, many virus authors were merely doing it for fun. Because they probably wanted to create havoc in the world to show their technical prowess, most of the damage was visible: a picture or message appearing on the computer screen, or an email with the virus attached being sent without the user’s permission.
But since information has taken on greater value in recent years, targeted attacks carried out for criminal purposes have increased.
Targeted attacks tend to steal information without the user noticing, so even the people who are attacked may not know about it.

Detections of viruses, malware, and spyware were relatively steady until around 2004, but since 2005 there has been an explosive increase in the number and types of viruses.

Chart: Change in the number of unique instances of malware
Source: AV-Test.org (2008 research)

Of all the viruses on the Internet, new (unknown) viruses greatly outnumber known viruses, and research reports that new (unknown) viruses now make up 79% of the total (see chart below).

Research period: April 1 to May 12, 2005
Source: “Results of Botnet Investigations” Telecom-ISAC, Japan

Ordinary antivirus software uses pattern matching techniques, but recently various technologies that evade these techniques have been made public. As a result, an increasing number of viruses cannot be detected by conventional antivirus products.
The virus portion is encrypted to evade pattern matching.

Pattern matching is evaded by rewriting the code itself, inserting meaningless code, or changing the order of the code.



Packing refers to techniques for compressing an executable file so that it can still be executed in its compressed state.
Examples include UPX (The Ultimate Packer for Executables) and the like.

It has been reported that these days a new virus appears every 2.5 seconds. Naturally, when these are all registered, the pattern file becomes much larger.
Because pattern file updates may not arrive in time, antivirus software is being updated more and more frequently, and some products currently update once every 15 minutes.
Computers tend to run slower during updates.

If you consider that some software updates its pattern files every 15 minutes, but that a new virus appears every 2.5 seconds, it is evident that pattern matching techniques (blacklisting) are reaching their limit in offering virus protection.
AEGISGUARD uses whitelisting, a new technique that takes into account the trends of recent years and offers reliable protection against information leaks caused by viruses.
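
The difference between the two decision models can be seen in a short sketch. This is an added example, not AEGISGUARD's implementation or any vendor's code. The signature, the "programs" and the digest-based allowlist are harmless constructed values, and all function names are hypothetical.

```python
import hashlib

# Constructed, harmless stand-in for a "known bad" byte pattern (not real malware).
SIGNATURES = {b"DEMO-BAD-PATTERN-0001": "Demo.Known.A"}

# Constructed allowlist: SHA-256 digests of the only programs approved to run.
APPROVED_PROGRAMS = [b"approved payroll tool v1", b"approved text editor v3"]
ALLOWLIST = {hashlib.sha256(p).hexdigest() for p in APPROVED_PROGRAMS}


def blacklist_verdict(data: bytes) -> str:
    """Pattern matching: block only if a known signature occurs in the file."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return f"block ({name})"
    return "allow"  # default-allow: anything unrecognised runs


def allowlist_verdict(data: bytes) -> str:
    """Whitelisting: allow only if the file's digest is on the approved list."""
    digest = hashlib.sha256(data).hexdigest()
    return "allow" if digest in ALLOWLIST else "block (not approved)"  # default-deny


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the 'encrypted virus portion' above."""
    return bytes(b ^ key for b in data)


def compare() -> dict:
    body = b"DEMO-BAD-PATTERN-0001"
    samples = {
        "known": b"header" + body + b"trailer",
        # Same content stored encoded, so the byte pattern is no longer present.
        "encoded_variant": b"header" + xor_bytes(body, 0x5A) + b"trailer",
        "approved": APPROVED_PROGRAMS[0],
        # An approved program after an update: its digest has changed.
        "approved_updated": APPROVED_PROGRAMS[0] + b".1",
    }
    return {n: (blacklist_verdict(d), allowlist_verdict(d)) for n, d in samples.items()}


if __name__ == "__main__":
    for name, (bl, wl) in compare().items():
        print(f"{name:17} blacklist={bl:22} allowlist={wl}")
```

The last sample shows the operational cost of the default-deny model: a legitimate program is blocked after any update until its new digest is approved.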

