Thursday, January 14, 2010

Malware Threat Reports Fail to Add Up

From: http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/

The December malware threat reports are trickling in from vendors, and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the final period of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results.

For example, in its malware report for last month, Fortinet said that W32/PackBredolab.C!tr topped the charts of malware variants detected in December, accounting for two-thirds of malware activity in December. It was a new entry to the malware table, the company said.

Kaspersky highlighted three versions of the Kido worm, known more popularly as Conficker, in the top three slots of its own malware threat report for December. Sunbelt put Trojan.Win32.Generic!BT in the top malware slot as part of its own report, with nearly 20% of the activity for December. A quick scan of the other top 10 malware entries for each company reveals few if any matches.

"Comparing the monthly statistics from various anti-virus companies is really comparing apples and oranges," said Tom Kelchner, Sunbelt Research Center manager. "What one company detects and identifies as a specific, named example of malcode, another may detect generically."

He argued that antivirus companies have tried to use common names for malware that they find, but that the complex nature of antivirus analysis, combined with the pace of the process, has made it nearly impossible to work together.

"Naming convention is one thing. But I think the main problem these days is the way in which detection techniques have shifted," said Roel Schouwenberg, senior antivirus researcher, Kaspersky Lab. "The shift in detection techniques makes naming harder and grouping of malware completely different."

Axelle Apvrille, senior mobile AV analyst and researcher in the Fortinet EMEA threat response team, said that the time window for detections is another reason for the disparity in results. "Even if, globally, Sunbelt, Kaspersky and us find the same threats, this may not be true when we consider brief time frames (such as a month)," he said.

"It's hard for users, not being able to find information on something under one name," noted Joe Stewart, director of malware research at managed security company SecureWorks. Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out. "I don't think that there's any solution in sight, because there are so many factors that play into it. Because of the way that the business works, you can't work around them too well."

In short: is there a problem with the user confusion over threat tables like these? Most definitely. Can we solve it? Apparently not.
