Security Analysts Disproportionate in their Investigation of Malware

The forms of malware most frequently investigated by security analysts are not actually the most widespread ones used by cyber-attackers, according to a new study by Kaspersky. It revealed that whilst Backdoors (24%) and Droppers (23%) are among the three categories most commonly submitted as free requests to the Kaspersky Threat Intelligence Portal, they make up only 7% and 3%, respectively, of all malicious files blocked by the Kaspersky endpoint products.



The Kaspersky Threat Intelligence Portal helps analysts better understand the background of an attack following the detection of malicious activity, so that they can develop effective response and remediation measures.



Anonymized statistics from the portal show that 72% of the free requests sent related to three categories: Trojans (25%), Backdoors (24%) and Droppers (23%). Although figures from the Kaspersky Security Network demonstrate that Trojans are indeed usually the most widespread type of malware, Backdoors and Droppers are nowhere near as frequent as these requests would suggest.



This disparity is believed to arise because researchers are often interested in the final target of the attack, whereas endpoint protection products aim to prevent attacks at an early stage, before they reach the user’s computer.



Kaspersky added that researchers could also be interested in analyzing certain kinds of threats in extra detail due to factors such as their novelty and media coverage.



Denis Parinov, acting head of threats monitoring and heuristic detection at Kaspersky, said: “We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves in over other programs, is ex ..
