(Techworld.com) A new analysis of botnets has come up with a possible reason for their prodigious ability to infect PCs: Many antivirus programs are near to useless in blocking the binaries used to spread them.

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40% of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

In a detailed blog post, he describes how he uploaded a sample of 217 binaries, culled from FireEye appliances in customer premises between September and November, to the independent VirusTotal test Web site. The site runs 36 antivirus programs -- a representative sample of the security programs used by businesses and individuals -- and gives researchers statistics on how many malware binaries have already been uploaded to the site by other researchers, when they were uploaded and how many were detected by each program.


More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121901&source=NLT_SEC&nlid=38