Good vs. Evil?
Bad guys' use of sites such as VirusTotal can have a hidden benefit. After online thugs submit a sample, VirusTotal can sometimes share it with security companies, which can then update their programs to block the new malware. But the site permits users to opt out of having their samples submitted to antivirus vendors. VirusTotal says it offers the option so that people can scan sensitive files at the site without having them broadcast to companies.
Some well-organized criminal groups go a step farther and "maintain their own antivirus setups, almost like their own VirusTotal," according to Don Jackson, senior security researcher with the security services firm SecureWorks.
Keep Your Guard Up
Jackson says the opportunities for prerelease testing make for harder-to-catch malware--and underscore why smart PC users should never assume that their machines are immune to attack. For example, almost every day, SecureWorks sees new variants of the PRG Trojan horse made with a particular kit. And when the new versions first appear, usually only 25 percent of antivirus scanners detect them, he says.
As bad as all of that might seem, don't throw in the towel and resign yourself to the inevitability of infection. For one thing, antivirus programs can do very well once their creators learn about a new sample. When fully updated and pitted against PC World partner AV-Test's "zoo" of 675,000 Trojan horses, keyloggers, and other malware, the best-performing security suites detected 98 percent of them.
And security companies are aware of the challenge they face in keeping pace with nimble online thieves. McAfee and Symantec are focusing on additional layers of security, including firewalls and behavioral scanners, which detect malicious software based on its behavior rather than on a signature match.