Malware trends 2017

04/10/2017
G DATA Blog

We've done some counting for 2016 and the first quarter of 2017. Here is the first part of our malware statistics for the past and the current year.

Ever since viruses, worms, and Trojan horses were counted, the number of new malware has increased. But it looks like this tradition is broken. AV-Test one of the most renowned test institute for Anti-Malware products, houses one of the biggest malware collections worldwide. They publish the number of new malware files in their statistics. In 2016 the number of new malware is about 127 million, and it is for the first time in history lower than in the previous year (144 million). With about 22 million new malware samples in the first quarter of 2017 it looks like the number of malware files will continue to decline. 

The way we count malware is not based on files, but on common properties of the malware's code as it is covered in signatures. The number of such malware specimen in 2015 was lower than in 2014. This is in line with the trend of the file counts. 2014 was an exceptionally productive year though, and we assumed that it was an outlier. Our numbers for 2016 and the first quarter of 2017 support this assumption. 

In 2016 we counted 6,834,446 new malware specimen. This is an increase of 32.9%. On average this is 780 per hour. And this trend is continued in the first quarter of 2017. The 1,852,945 new malware specimen are 72.6% above the figure a year before. With an average of 858 per hour this is 10.0% above the average of 2016.

Malware categories

Looking at the types of malware shows a familiar picture. The vast majority of malware is categorized as Trojan Horse and comprises typical malicious activities like downloading and dropping files, spyware, keyloggers and password stealers, integration into botnets and conducting distributed denial of service attacks (DDoS). Position two is held by adware. In 2016 it accounts for 4.9%. The share of adware increased to 13.9% in the first quarter of 2017. This is in line with findings of otherresearchers. A sharp rise could also be seen in ransomware. Its number increased more than ninefold from the first half of 2016 to the second. Moreover, the number of the latter half of 2016 was almost achieved in the first quarter of 2017. All in all, the total volume of ransomware was hardly detectable and vanishes in the flood of other malware. Nevertheless, the few ransomware families caused quite some stir. We will elaborate on malware in one of our next blog posts.

Malware platforms: Windows, Windows, Windows, ..., scripts, and macros

The predominant platform for malware is still Windows. It covers 99.1% of the malware specimen. Trailing behind are scripts, Java applets, macros and other operating systems like OSX, Android, and Unix/Linux.

  • The number of new malware is still rising.
  • No big changes in terms of malicious activities of Trojan horses
  • The number of adware is increasing
  • The share of ransomware is growing substantially. In the general flood of malware it is hardly measurable.