How many viruses are created by Anti-virus companies?

A commentary by Christian Mairoll, CEO of Emsisoft

Background


As CEO of an Anti-virus company, I am often asked by friends and acquaintances, “Who writes all these viruses?” Often hidden behind this question is the serious accusation: “You write them yourself, just to drum up business!”

If only it were that simple… The reality, however, is very different. Apart from the fact that doing so would be morally reprehensible and also illegal, it is actually quite simple to prove that it’s technically impossible for Anti-virus companies to manufacture the sheer volume of viruses produced.

Cost/Benefit analysis

Today’s Viruses, Trojans and Bots are the result of an enormous amount of programming work. Intentionally and unintentionally released source code only allows a rough estimate of the original effort required, but one can easily assume that every new genus of Malware is the result of at least 1-3 months of programming work. New variants that are further developments of old Malware are of course easier to produce.

At Emsisoft, we add around 30,000 – 50,000 new Malware signatures (fingerprints) to our detection database every day, i.e. roughly half a million each month. Historical developments indicate that the number of new threats doubles each year. Emsisoft Anti-Malware currently has 13 million signatures in its database. This also includes many signatures that detect variants of the same Malware using generic detection, so the total number of signatures is less than the actual number of Malware programs.

If I were the CEO of an evil Anti-virus company, I would first need a new employee to write a Virus in the first place. I would also need someone for further development and maintenance, to protect my investment by ensuring that the Virus will still run on future operating systems. Once development of the Virus is finally complete, it would then be released into the wild and entered into the detection database of our own Anti-virus software.

Great! In one month we have only managed to build one new Virus – one single Virus among 500,000 others this month.

By now, it should be clear to everyone that it simply makes no commercial sense for us to write the Viruses ourselves. The advantage gained by detecting one extra piece of Malware, set against the sheer, unbelievable volume released each month, is simply too small. Even though hiring programmers in low-wage countries is very cheap, it is absolutely certain that no Anti-virus manufacturer could afford to do this. Even put together, all the Anti-virus manufacturers in the world wouldn’t be able to generate the current volume of new Malware.

Well, who is writing all this new Malware then?


Alas, there are people who can earn much more money writing Malware than the Anti-virus industry ever could by writing their own Malware.

A decade ago these programs were mostly written by hackers wanting to test the realms of possibility, but today an enormous amount of criminal energy and hard-core commercial enterprise lies behind most Malware. A centrally controlled network of several thousand hijacked PCs (a Botnet) can be used in a variety of different ways. This massive amount of computing power can be hired as a package for a variety of devious purposes: for sending Spam and Phishing emails, for coordinated webserver overload attacks (DDoS) in order to blackmail companies, or as a proxy server network for hiding the traces of illegal activities. The largest detected Botnets such as Conficker, Rustock or Cutwail had over a million of these “Zombie” computers available.

Other Malware authors attempt to convert their work directly into hard cash by encrypting important personal information and then demanding ransom money for decrypting the data (so-called Ransomware). Some Malware is directly targeted at specific companies or systems, for instance the sabotage attacks on the Iranian nuclear energy program using the Stuxnet Malware in late 2010.

Anti-virus = Virus

Another reason for the rumor that Anti-virus companies write the Viruses is the increase in the number of fake Anti-virus products (so-called Rogue Anti-virus software). The authors of this type of Malware use names that are similar to well-known Anti-virus brands to trick users into installing software that only pretends to detect Viruses. Fake detections are then used to urge the customer to purchase a “Full version”.

Conclusion

As you can see, there are plenty of incentives for Malware authors to write new malicious programs. All of these incentives share one thing in common: they offer far greater rewards than the Anti-virus companies could expect from writing their own Viruses. Quite apart from that, it would only take one public example of this type of activity to result in a legal, commercial and media disaster for an Anti-virus manufacturer.

There is also the argument that Anti-virus companies depend on the work of the Malware authors. This may be true, but our intentions lie at the opposite end of the moral spectrum and we are always doing our best to make the Internet a safer place.


Have a nice (Malware-free) day!

Christian Mairoll – CEO

www.emsisoft.com


  • Mj

    I had always wondered this, thanks for clarifying. Gaining my trust here. :-(

  • NatBe

    You make a lot of sense… I am interested in getting into computer security professionally … It would go against the whole motivation for getting into computer security for me to start creating viruses for personal gain. Thanks so much for explaining all of that.

  • Robert Coley

    What a great read that was!!

  • Ixscoerz

    All the times I’ve heard that antivirus companies write the malware to gain more users makes me scoff. I know there are grey hats out there that work on both sides of the fence but most white hats and security sites such as Emsisoft/Wilders/whichever don’t ever lead on that such things are done by said companies. Most of the time they get the idea because of the fake antivirus/malware/whatever that are floating around. Thanks for putting this article up and clarifying the true nature of these criminals and criminal organizations out there that write malware.

    • Mariska

      You are absolutely right, but you would be surprised how many people actually wonder this, which is why we initiated this blog post. Thanks for your insight and comments on our blog posts :)

  • provguard

    Stay away from Avast if you fear ransomware!!! Nasty company!!!

    • Neven Raj

      May I know why?

      • provguard

        They cost me $171.00 to get my computer back to work. Something to do with “conduit”? I had Avast for quite a while till this happened. I was getting near the end of my yearly contract and I was looking around to see if I could find an anti-virus that didn’t slow my machine down so much. Digital River somehow took over….

        • Neven Raj

          Did you find the Antivirus?

          • provguard

            Yeah they did, but told me it would take $171 to get it out!

          • Neven Raj

            May I know your current Antivirus Engine. Thanks

          • provguard

            Emsisoft and McAfee..

          • Syb Badger

            I know it’s too late for you, but to remove conduit run the FREE versions of JRT (junkware removal tool) and adwcleaner. I have been using those for years and they work every time.

            Sadly Avast support seems to be limited to doing a clean install of Avast and scanning again :( very unhelpful to say the least. Maybe they are going down the same road Norton’s AV took years ago and we all know what that did.

          • Neven Raj

            May I know what they did :)

      • I don’t know about his reasons, but Avast has become nagware over the years. There are also a lot of allegations against them in the past couple years that I have yet to dig into to determine their veracity. I’ve switched to AVG and I find that that’s also nagware… I guess this is what’s become of the anti-malware software world.

  • Ayush Singh

    Thanks!

  • Nicholas Staines

    Newest comment. Peace. “subriced” to this blog. Old joke people made guys!! :)

  • BlogALiving

    I think this idea started back in the 90s, when there were fewer viruses and AV software was kind of new, at least to most consumers. Then there were stories about companies like Norton hiring malware writers to help them make better AV software, but that started the conspiracy theory: were these AV companies trying to create a market for their own products by actually creating viruses themselves?

    Even if that sounded plausible to some people back then, it shouldn’t now. We are drowning in viruses. There is so much legitimate need for an AV that can actually block them, that AV companies have no incentive to work on anything but improving their product.

  • Lavone Minyard2

    Thoughtful analysis ! Speaking of which , you a a form , my kids saw a blank document here http://goo.gl/MzFvJV

  • Malware would go completely obsolete if Windows would prohibit software from running in secret or beyond its control, and give the end user complete control over itself and the software running in its environment.

    Why, then, do they NOT do that? Well… It would put you guys out of business if they did, wouldn’t it? And that brings us around to your first question. And the obvious consumer’s question: Cui bono?

    And that’s when I realise how stupid I was to have never seen this before. Of COURSE you write the malware, and you give Microsoft kickbacks to allow it to run on unprotected Windows machines. And all it took for me to see it was coming up with a one-size-fits-all anti-malware solution.

    I’ve been an idiot all this time, but then no one has ever lost money banking on the stupidity of the public. My realisation is no doubt not the first and won’t be the last, and you guys will continue writing viruses and colluding with the OS’s to allow them, in spite of the fact that you’ve already been exposed.