Cyveillance Testing: Leading AV Vendors Not Keeping Pace with Influx of Malware and Phishing Attacks

More than half of active malware and phishing threats on the Internet continue to go undetected

August 20, 2009



ARLINGTON, Va., August 18, 2009 -- Cyveillance, a world leader in cyber intelligence, today announced the availability of their "1H 2009 Cyber Intelligence Report," which reveals that traditional antivirus (AV) vendors and Web browser anti-phishing filters continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threats on the Internet.

Cyveillance testing showed that more than half of active malware and phishing threats on the Internet continue to go undetected, with an average detection rate of 29 percent for malware attacks and 44 percent for phishing threats. In addition, Cyveillance tested two popular consumer phishing protection applications, McAfee's SiteAdvisor [2] and Symantec's [3] Norton SafeWeb, which only blocked or warned against initial phishing attacks 43 percent and 4 percent of the time, respectively.

"Cyber criminals have become more adept, operating globally and leveraging worldwide resources in order to evade enforcement efforts," said Panos Anastassiadis, President and CEO of Cyveillance. "With the influx of increasingly sophisticated attacks and social networking sites as targets, AV engines are finding it difficult to keep up with and protect against morphing malware and phishing attacks, specifically in the first 24-hour time period when the most damage occurs. Organizations must embrace a combination of reactive and proactive security measures if they intend to stay ahead of today's dynamically changing threats."

In addition to the AV, Web browser anti-phishing and consumer protection application testing, other key findings in the report include:

- Cyveillance tracked an online "fraud chain" which included malware components that store and serve malware executables, distribute malware to consumers and receive and store confidential information collected from infected computers.
  - The United States and China continue to host the majority of malware executables, representing 33 percent and 21 percent of attacks, respectively, which make up over half of the malware found during the first half of this year.
- During the first half of 2009, there was an average of over 23,000 unique phishing attacks per month, which makes phishing still one of the top threats on the Internet.
- Popular consumer applications used for detecting phishing attacks do not provide adequate protection. Initially, Symantec's Norton SafeWeb only blocked/warned against 4.4 percent of phishing attacks and increased to only 5 percent after the first 24-hour period.
- During the first half of 2009, 200 unique brands were first-time targets of phishing attacks, which represents a 26 percent increase over new brands phished in the second half of 2008.

Anti-Virus Malware and Web Browser Test Results

Cyveillance's "1H 2009 Cyber Intelligence Report" includes additional information on their testing of anti-virus vendors and malware Web browser anti-phishing filters.

Malware

Cyveillance identifies malware as any type of malicious software application designed to infiltrate computers and is generally implemented without a user's knowledge. An active malware threat is one that has been located on a live Web site within the last 30 days.

Because anti-virus solutions primarily detect known malware, criminals behind the attacks quickly modify them to be more difficult to detect. Cyveillance tested thirteen popular AV solutions [4] between May 12 and June 10, 2009 to determine their average daily detection rate of known malicious files. The results show that these popular solutions detect less than half of the latest malware threats identified by Cyveillance.

Phishing

Phishing is a social engineering scam that relies on both technology and human interaction to carry out online fraud and identity theft.

To better understand the daily risks consumers face from phishing attacks, Cyveillance test-sampled unique and confirmed phishing attacks. To measure the effectiveness of some of today's leading consumer anti-phishing solutions, Cyveillance fed these confirmed live attacks through four of the most widely used anti-phishing browser-based offerings [5]. The data was fed into each solution and then again 24 hours later to determine detection rates over a minimal period of time. The results show that the Web browsers' anti-phishing protections detect an average of 44 percent of phishing attacks when they are initially launched. After 24 hours the average increases to a 78 percent detection rate.

All figures and statistics in the Cyveillance "1H 2009 Cyber Intelligence Report" are actual measurements rather than projections based upon sample datasets. The cyber intelligence included in this report includes data collected and analyzed between January 1 and June 30, 2009, except where otherwise noted. For more information about Cyveillance's research findings, please visit:

About Cyveillance

Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners, protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 30 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more information, please visit or

Cyveillance's comprehensive monitoring technology continuously sweeps the Internet, monitoring and collecting information from over 200 million unique domain name servers, 150 million unique Web sites, 80 million blogs, 90,000 message boards, thousands of IRC/Chat channels, billions of spam emails, auction sites, bot networks and more. This approach yields the discovery of more than 100,000 new sites each day.

[2] McAfee and SiteAdvisor are registered trademarks of McAfee, Inc. Corporation Delaware

[3] Symantec is a registered trademark of Symantec Corporation Delaware

[4] Vendors tested included F-Secure, Kaspersky, McAfee, Sunbelt, Sophos, Trend Micro, Dr. Web, AVG, Eset Nod32, F-Prot, Virus Buster, Norman and Symantec.

[5] Vendors tested included Firefox, Safari, Chrome and IE7.
