I was asked about malware infection in the UK (especially with reference to Conficker), and (a) if the situation is really as bad as we, the AV vendors, make out, and what the real infection rate is; and (b) whether government and ISPs etc. could do more to help. You can now find a link here (http://www.guardian.co.uk/technology/2009/nov/04/malware-pc-security-antivirus) to the piece that Jack Schofield (of the Guardian newspaper) was writing on the topic. However, I thought you might be interested in my original answer on that point, at any rate if you're in the UK.
ESET normally avoids giving out absolute numbers as they're too prone to be misleading or misinterpreted, since we can't say how they compare to the entire population of the Internet. (Not that it stops other companies giving "authoritative" statistics!) I can say that our lab gets over 100,000 unique malicious binaries a day from Threatsense.Net®, a mechanism for sending in samples from machines running ESET products that detect malware. Obviously that's a global figure, not the UK: I don't have a figure for that.
However, we can give percentage figures that give an idea of which malware (and other suckware) is scoring highly regionally. If you want to compare these figures with the results we got globally in October, they're at http://www.eset.com/threat-center/threat_trends/Global_Threat_Trends_October_2009.pdf. Note, however, that this is a slightly "apples and oranges" comparison: for a number of reasons, we don't list the global top ten in the monthly report in quite the same way. For instance, nuisance applications that aren't necessarily technically malicious are filtered and some closely related detection statistics are consolidated to show the underlying trend more clearly.
I don't think there's much that governments can do on a legal/governance level (some have some catching up to do, though). The vendor research community does work with law enforcement and even intelligence services to a greater extent than you might suspect, and I wouldn't want to play down the importance of that co-operation. Some ISPs do make a serious effort to block malicious URLs, which are a -major- cause of infection, but they come and go hydra-like. It does help that AV vendors recognize a high percentage of malicious binaries once they're downloaded to a protected system (whereas detection on the site or during download tends to be highly resource intensive). However, I don't think there's a single, easy solution: anti-malware is only one layer of remediation.
Just to give a little global perspective, the data I drew on here suggest that the threats detected by ESET-protected machines in the UK over October represented about 0.44% of the binaries submitted by all the protected machines in the world, and 1.61% of them were unique to the UK.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET