Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

CommunityIQ Data Released For Online Threats

Avast Software : 16 April, 2010  (Technical Article)
Avast! Antivirus user community contribute to understanding of evolving web threats with first results published from malicious code sampling
Researchers at ALWIL Software, providers of the avast! Antivirus program, have released the first set of data from its CommunityIQ, an opt-in sensor program for the 100 million avast! Antivirus users.

CommunityIQ is the world's first large-scale sampling of online threats. Sensors in the avast! Antivirus program identify malware and infected websites by analyzing suspicious behaviour, use of malicious code, and past experience with other avast! users.

"The huge numbers of CommunityIQ member's create a "cloud" of sensors that gives us a real-time snapshot of the threats posed by websites across the internet," said Vince Steckler, CEO of avast! maker ALWIL Software. "Our cloud gives a huge time-sensitive amount of data on the state of malware and viruses across the web."

Globally, the 1Q'2010 set of data includes 252,000 infected domains which were visited and identified through 11.9 million visits by CommunityIQ members.

For UK-based websites, the list includes over 3,000 infected domains. Many of the infected sites - all with the co.uk suffix - were small businesses or travel sites such as harrysbars.co.uk, glassbasins.co.uk and westminster-london-hotels.co.uk/.

"Harry's bars wants to be a hot spot in Dorest, but not for malware infection, and they did have an iframe infection for 30 days. Most of the sites on our list are legitimate places that a normal user would never suspect could be infected - but they are," said Steckler. "And we know Harry's had an infection due to repeated visits by our CommunityIQ members. Other infections have lasted much longer, such as the 153 days at mystainedglassart.co.uk There are sites on our list - mostly adult-orientated - that have been designed to spread malware. But, these are the minority. If you look at the total number of user visits, it's the ordinary sites that are the most dangerous."

For French-based websites, CommunityIQ members visited over 300 infected domains every day with the .fr (France) suffix, identifying over 3,000 separate domains during the quarter. Three of the most infected sites by number of visitors were ja6.free.fr, asso.fr, and maxio.fr. "Free" is big attraction for malware targeting French consumers, with over a sixth of the sites pushing malware using the word free in the url.

"Every time a CommunityIQ member visits a website, the avast! antivirus installed in their computer performs a rigorous scan and examines the behaviour of the site for any infection, viruses, or suspicious activity. If this uncovers malware, avast! then shuts off the connection - protecting the user's computer - and sends data off for analysis.

This anonymous packet of data includes information on the malware type, visited website, and computer applications running at the time of exposure. The data allows the discovery of known infections and provides useful clues through behavioral analysis and cross-referencing of operating systems, service packs, browser data to allow avast! researchers to spot variants and also new threats and possible attack vectors.

By combining reports from individual CommunityIQ members, avast! researchers are able to identify new malware, chart the spread and duration of the infection. Other CommunityIQ data is processed automatically and forms the basis for the daily virus database updates.

"The data from the IQcommunity is invaluable as it is based on the real surfing experience of a large sample size," explains Mr. Steckler. "Most community members are just average PC users that go online as part of their daily regime. This increases the potential to find and clarify new threats at close to or even at zero day."

avast! will be releasing a detailed CommunityIQ internet security barometer report later in the year which will have detailed statistics on the threat landscape broken down by country and domain as well as information on emerging threats captured by behavioral analyses.

"Our goal is to make information from the CommunityIQ freely available to improve overall internet security," adds Steckler, "We would also like to thank users within the CommunityIQ for their support and wish them happy - and safe - surfing."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo