75% of Malware Uploaded on 'No-Distribute' Scanners Is Unknown To Researchers (bleepingcomputer.com)

Posted by msmash from the security-woes dept.
Catalin Cimpanu, writing for BleepingComputer: Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown, US-based security firm Recorded Future reports, to security firms and researchers for longer periods of time. Although some antivirus products will eventually detect this malware at runtime or at one point or another later in time, this leaves a gap in terms of operational insight for security firms hunting down up-and-coming malware campaigns.

  • So the title and summary make absolutely no sense. I read the article and they're saying that virus scanners that don't share malware samples with other companies do in fact not share malware samples with other companies? Reeeeeeeally? You don't say.
  • Can we at least have a summary that's actually a summary of the article and not that poorly written first paragraph which comes off as so much techno-babble?

    A multiscanner is a service like Google's VirusTotal that aggregates antivirus (AV) scanning engines into one big melting pot, allowing users to upload a suspicious file and scan it simultaneously on all the AV engines hosted on the service.

    If at least one of the multiscanner's engines finds the file suspicious, the service shares the result among all AV companies, allowing cyber-security firms insight on new types of malware that their engines are not currently detecting.

    On the other hand, a no-distribute scanner is a service similar to a multiscanner, only that its operators modify the AV engines so they cannot report back to their respective vendors, hence limiting their ability to see the malware uploaded on such a service.

    Although I'm not really sure what the article's point is - that no-distribute scanners are mostly used by criminals and therefore should have an open API? That's like saying speakeasies during Prohibition should've posted their locations on local walls so everybody could share the info!

  • Is this article basically about the fact that people making malware are making more of it than is caught by the average virus detector? Is there a useful quantification here perhaps? Not my greatest area of expertise, but maybe I missed something.

    • Re: (Score:2)

      by swb (14022)

      That was my first thought, but upon closer(?) reading it sounds like "security researchers" aren't getting informed of these submissions because some of the scan engine owners are holding back the data.

      I'm trying to decide if "security researchers" means actual people with that as some kind of job title or whether it's small fries who have lost their free data feed.

  • Which of course highlights the futility of modern antivirus software. Malware writers will keep tweaking their code till Norton, Avast and McAfee check out. This makes the malware undetectable for most users. I just use Windows Defender (solely because it doesn't install any nasty kernel drivers that mess up the OS) and I just don't download unsigned junk or stuff from dubious vendors... Yes, I pay for software now...