60% of new bots pass av scanners unhindered....
Malcreants are adopting their malware so quickly
that av scanners cannot keep up detecting.
Security firm FireEye made a survey of bots,
and how quickly anti-virus software responded.
The results were rather poor, see:
(
http://blog.fireeye.com/research/2008/11/does-antivirus-stop-bots.html )
because as an average scanners leave through 60% of new developed bots unhindered.
The more time elapses the better the detection of scanners get.
Bots that exist for months, are detected at a 70 to 80% rate.
But reality shows malcreants rebuild their creations even after some days.
These are general numbers, as some av scanners will show much better results.
That being so researcher Stuart Staniford thinks the real dtection percentage is even lower as given.
"I think results will be far worse as my timing gets more accurate."
Staniford used VirusTotal for his malware analysis.
This way of analysis is meeting a lot of criticism,
because this way of scanning does not use all security measures,
and features a normal av scanner would use.
That is why polonus has RUBotted and BotHunter installed,
polonus
