Average Life of Malware?

Discussion in 'malware problems & news' started by Osaban, Sep 2, 2011.

Thread Status:
Not open for further replies.
  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Is there any data about this topic? Can we expect an infection that was created say 5 years ago? Sorry the title should have read 'Average lifespan of Malware'.
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Hi, for some time now, & in a lot of cases, the lifespan can last just hours or less :eek: There are several blogs etc about it, including one this week, but right now i can't remember the link :( If i do i'll post it for you.

    Re from years ago.

    Yes it's possible, because believe it or not, Many AV etc vendors still havn't got round to analyising Tons of malware released in the last 5 - 10 years. That's because around 5 - 6 years ago they got caught with their pants down when malware really started taking off Big time. Every year since then has seen a bigger & larger explosion of ALL manner of nasties, & they have become Much more sophisticated. That's why heuristics etc got coded into Antis, which can help, but it's still an increasing nightmare for the vendors to Try & keep up.

    Of course the OS & Apps etc have also improved, but not everybody out there knows about Many of the Apps available to them :( And millions of people around the world still get infected, even with Vista & W7 :p
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    While I don't have data, my opinion and personal experience is that malware stays "alive" for as long as it has a target and it is practical. For instance, 5 years ago, XP wasn't completely ancient, and malware was written for XP almost exclusively. Today, it is ancient, yet still widely used, so malware written for it is very much still useful. Malware authors count on you not updating your programs, and most people won't (the "it's working fine here" crowd).
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    As with dw, I have no data, but I personally would say a rather short lifetime. From the malware I've seen most of it stops working sometimes after hours and usually after a few days - though I have seen malware weeks old (rarely.)
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I think it also depends on if you consider new variants of a certain piece as "new" period. I personally don't see it that way. There is still plenty of malware out there circulating from months to even years ago. All one must do is hop on to any P2P network, and, you can ever still find them on the web itself. If we're talking zero-days, then I agree with Hungry. But even they can linger on if spread. It also depends on the kind of malware as well, I'm sure.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yeah, you can certainly find some older malware on p2p sites that just never goes down because it's being hosted by sites that don't check/ care.

    But I'd say the majority of malware needs to keep up with exploits/ being blacklisted/ being taken down so most of it refreshes often.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Interesting, when we consider the database of a scanner (any known name) how far back does it go? MBAM for example is excellent against very recent malware, does it mean it won't detect something very old? When AV Comparatives test products on demand they use hundreds of thousands of malware, are they still circulating? As far as I know they don't tell you the age of malware.
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i always thought blacklisting was a lost cause.
    you just can't win at that game.

    i still use hitman and virus total to scan the odd few downloads though.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'd have to agree that it is in fact a lost cause.
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Here's nosirrah from MBAM...
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I read a blog post from sophos awhile ago that identifyed that there is still alot of old malware around because people are using very outdated versions of antivirus programs.
     
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I think most agree that modern malware lasts for 24 hours or less. One of the reasons being the URLs where they are hosted get pulled or the authors move on to somewhere else. In fact, the latter is more likely as they're trying to avoid detection. This is where the cat-and-mouse game ensues.
     
  13. guest

    guest Guest

    (the "it's working fine here" crowd)

    Even if you do update your software it will be broken again in no time
    what I think is even more important is a sure fire way of
    KNOWING that you have mare-ware on your computer
    I use a few older programs simply because I like them better than the
    updated one, I don't worry about it because I make sure my system is clean
    will this work all the time? probably not, but updated software is not foolproof either
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.