X

Today's computers face more attacks than ever

More malicious software has been created in the past 2 years than in the previous 10 years combined.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
3 min read

CBS

Nestled into a storefront at the top of San Francisco's tree-lined Valencia Street is one of the city's top defenses in the war against malicious-software infections: a computer repair shop owned by Del Jaljaa.

People bring their infected computers to Jaljaa's San Francisco Computer Repair store 5 to 10 times a day, desperate for help restoring their devices to working order. In the past few years malware has grown to be about a third of his business. "It's our bread and butter," he said.

Getting computer infections more often? You're not alone.

Infections from malicious software -- harmful code that's also known as malware and that includes things like computer viruses and worms -- are keeping repair specialists like Jaljaa busy, thanks in part to an exponential rise in the types of malware hitting PCs. Malware detections by AV-Test, a company that tests the effectiveness of antivirus software, spiked in 2014 to more than 143 million, up 72 percent from last year, according to a report released Thursday.

To put that in perspective: there was more malware found over the last 2 years than in the previous 10 years combined.

Other malware watchers, such as security-software makers Malwarebytes and Kaspersky, have noticed similar trends.

Kaspersky saw four times more mobile malware attacks in 2014 than the year before, said Patrick Nielsen, a researcher with the company.

For years, antivirus software blocked malware based on the malicious software's code. But would-be hackers found a way around that: They can buy or freely download malware code; then change just a few pieces of it. Suddenly, the code is invisible to the antivirus programs, and free to wreak havoc.

It's not unlike plagiarizing grade-school homework, said Timo Hirvonen, a senior researcher at security-software maker F-Secure. "It's as easy as removing a word or adding a letter to a Microsoft Word document," he said. As a result, malware is changing so often that it's getting harder to stop.

The security industry has attempted to find an answer. One of the newest techniques is to keep track of how malware behaves and what it tries to do. Imagine malware that attempts to copy your online-banking password: any file doing this would be tracked by these new security tools.

nbz-r3bawgzx88dhcqbdb08ucpxt0uhkthy7doog1afplwsktzwxvw1h-xttttasua7kki9fft0zaqiulsol3zmoisbg5-w1566-h645.png
Data from AV-Test shows malware attack rates spiking. AV-Test.org

Even then, however, security researchers say they're barely keeping their heads above water.

"At the pace we're going, that's just not feasible [to defend against] anymore," said Jérôme Segura, senior security researcher at Malwarebytes.

The escalating game of cat and mouse has even entered the world of cryptography. Hackers are jumbling the code of their malware to avoid getting caught, using the same techniques companies use to protect sensitive files.

Avoiding "shady websites," as Nielsen put it, isn't enough in an age when malware can be delivered by ads on legitimate sites like Yahoo News.

So should we just swear off computers forever?

Jaljaa, the computer-repair-shop owner, said there are simple things people can still do to keep themselves safe. Users still need to install antivirus and other security tools, as they've been doing for years, he said. But they should also make sure to keep all their software up to date.

And if you do get a malware infection you can't get rid of? Well, there are always people like Jaljaa to bail you out. But it'll cost about $130.

Correction, 6:14 p.m. PT: Kaspersky's Patrick Nielsen clarified the security-software maker's estimate of the increase in mobile malware attacks from 2013 to 2014. He said the company saw a four times increase from year to year. The story has been changed to reflect this.