When Does it Stop?

-- Why is there still street crime? Could there be a conspiracy between the police / justice system and the criminals? Both would be out of a job if they stop, right? --

Why above analogy? The similarities between street crime and cyber crime are that criminals can get away with the crime without being punished. It's rewards are greater then the costs. Due to the slow response by governments, cyber crime can be very lucrative. Nothing sinister there.

We can never exclude the possibility that something is going one, but for me this idea falls in the same category as the scientific notion that something can never be proven for 100%.

 

I'd agree SSK --- Definitely no conspiracy here.

 

I disagree with a lot of this. Take a rather well known malware distribution network (at least to the AVs) like dollar revenue - these guys are constantly updating their malware, and quite often it takes weeks to get the new samples added, by which time they've often updated them again.. Same with the Zlob trojan downloaders (many are updated on a daily basis), same with the Smitfraud junk. These are not low profile malwares flying under anyone's radar, yet try getting them added in a timely fashion. IMO, I'd say it's not an unreasonable estimate that 80% of AV products don't detect 80% of viruses within the first few days of release, but it's always the other 20% of high profile cases that make the headlines that we hear about. If you don't believe me, just take a look at one of the common Zlob trojan downloaders and run it through VirusTotal or Jotti's and try and tell me that every AV isn't aware of these.

WRT websites getting hacked and hosting zero-day (or other, JavaScript, for example) exploits - it's not the high profile websites that concerm me so much (like google, msn etc) as they probably have good security, but the small guys who maybe only get a few thousand hits per day - in a week they can easily infect 10,000 machines. And it's often the same type of sites getting hacked - travel agents, estate agents, small groups/organisations etc that pay for basic web design/hosting but have no technical knowledge about how to secure their sites. These are the examples it's almost impossible to defend against.

There may have been basis for a conspiricy theory in the beginning, to hype the market (even talk of a conspiricy would have given a fledgling AV industry exposure), but today I think it's more a case of AVs being overwhelmed with the sheer volume of new samples - I'm betting there must be 100's of new samples every week (and growing exponentially) and I really don't know how the smaller vendors with fewer analysts expect to keep up. Hence why we are starting to see a shift away from purely signiture detection based methods towards heuristic and behavioural detections.