Over the past year, security researchers scanned over 27 billion URLs, 600 million domains, 4 billion IP addresses, 20 million mobile apps and 10 million connected sensors, and analyzed over 9 billion file behavior records.
According to the researchers, in 97% of all detections the malicious file is unique to the system it infected, even though, at its core, many of those infections are the same malware variant.
The researchers attribute this to malware operators deliberately using polymorphism, a technique that alters the malware's binary so that every copy is a different executable.
The technique is old. It can be applied on the server side, where the distribution server repackages the malware into a fresh binary for each victim before delivery, or on the client side, where the malware rewrites itself on every new host it infects.
Because every instance differs, each new infection carries a new file hash or signature, which may be why other cyber-security companies report seeing new malware samples in the range of billions per year and millions per month.
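To make the point concrete, here is an added Python simulation of both distribution models described above. It is not code from the report or its authors; the byte string standing in for the malware core, the field names (`VICTIM`, `JUNK`) and the function names are constructed for illustration, and the "mutation" only swaps a per-victim token and random padding, far less than a real polymorphic engine does. It is enough to show why an exact-hash blocklist never fires again after the first sample, while a detector that hashes only the invariant core (assuming the analyst has identified which fields vary) catches every copy.

```python
import hashlib
import os
import re

# Constructed, benign stand-in for the invariant malicious logic. A real
# polymorphic engine re-encrypts or re-orders actual code; here only a
# per-victim token and random junk change, which already defeats hash matching.
CORE_PAYLOAD = b"CORE:connect(c2)|download(stage2)|exec(stage2)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def server_side_mutate(core: bytes, victim_id: str) -> bytes:
    """Server-side polymorphism: the distribution server builds a fresh
    binary per download by wrapping the same core in victim-specific bytes."""
    junk = os.urandom(16).hex().encode()
    return b"HDR|" + core + b"|VICTIM:" + victim_id.encode() + b"|JUNK:" + junk


def extract_core(sample: bytes) -> bytes:
    """Normalise a sample by stripping the fields the mutator is known to vary.
    Hypothetical: assumes those fields were already identified by analysis."""
    stripped = re.sub(rb"\|VICTIM:[^|]*", b"", sample)
    stripped = re.sub(rb"\|JUNK:[0-9a-f]*", b"", stripped)
    return stripped.removeprefix(b"HDR|")


def client_side_mutate(sample: bytes, next_victim_id: str) -> bytes:
    """Client-side polymorphism: an infected host rewrites its own copy before
    spreading, keeping the core but refreshing every varying field."""
    return server_side_mutate(extract_core(sample), next_victim_id)


def structural_signature(sample: bytes) -> str:
    """Hash of the invariant core rather than of the whole file."""
    return sha256_hex(extract_core(sample))


def simulate(n_victims: int) -> dict:
    """Run a small polymorphic campaign: one server-side build per victim, and
    each victim's copy mutating itself once more before the next hop. Compare
    an exact-hash blocklist seeded from the first sample with a structural
    signature derived from the same sample."""
    seed = server_side_mutate(CORE_PAYLOAD, "victim-0")
    hash_blocklist = {sha256_hex(seed)}          # what a traditional AV holds
    structural_sig = structural_signature(seed)  # what a structure-aware detector holds

    samples = []
    for i in range(1, n_victims + 1):
        fresh = server_side_mutate(CORE_PAYLOAD, f"victim-{i}")
        samples.append(fresh)
        samples.append(client_side_mutate(fresh, f"victim-{i}-hop"))

    return {
        "samples": len(samples),
        "unique_hashes": len({sha256_hex(s) for s in samples}),
        "hash_blocklist_hits": sum(sha256_hex(s) in hash_blocklist for s in samples),
        "structural_hits": sum(structural_signature(s) == structural_sig for s in samples),
    }


if __name__ == "__main__":
    print(simulate(50))
```

Running `simulate(50)` yields 100 samples with 100 distinct SHA-256 values, zero blocklist hits and 100 structural hits. The caveat for practitioners is the normalisation step: it only works because the varying fields are known in advance. Against a real engine that re-encrypts the whole body, the invariant has to be found elsewhere, in the unpacked code, in import or section structure, or in runtime behavior, which is exactly the direction the file behavior records in the report point to.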
“This tactic poses a major problem to traditional security approaches, which struggle to discover singular variants, let alone do so in time to stop data breaches and other compromises,” security experts claim.
“While polymorphic malware has been around for over a decade, it is now the norm for nearly all threats today,” Grayson Milbourne, Security Intelligence Director says.
Two years ago, the researchers reported an average of around 700 file instances per malware family and nearly 30,000 file instances per PUA (potentially unwanted application). Last year, the same researchers reported fewer than 100 file instances per malware family and around 260 per PUA.
One thing is certain: polymorphic distribution models make it very difficult to detect every variant.