avast! releases internet security forensics data from the webs largest malware hunter community
(PRAGUE, April 15, 2010) Researchers at ALWIL Software, providers of the avast! Antivirus program, have released the first set of data from its CommunityIQ, an opt-in sensor program for the 100 million avast! Antivirus users.
CommunityIQ is the worlds first large-scale sampling of online threats. Sensors in the avast! Antivirus program identify malware and infected websites by analyzing suspicious behavior, use of malicious code, and past experience with other avast! users.
The huge numbers of CommunityIQ members create a cloud of sensors that gives us a real-time snapshot of the threats posed by websites across the internet, said Vince Steckler, CEO of avast! maker ALWIL Software. Our cloud gives a huge time-sensitive amount of data on the state of malware and viruses across the web.
Globally, the 1Q2010 set of data includes 252,000 infected domains which were visited and identified through 11.9 million visits by CommunityIQ members.
For UK-based websites, the list includes over 3,000 infected domains. Many of the infected sites all with the co.uk suffix were small businesses or travel sites such as harrysbars.co.uk, glassbasins.co.uk and westminster-london-hotels.co.uk/.
Harrys bars wants to be a hot spot in Dorest, but not for malware infection, and they did have an iframe infection for 30 days. Most of the sites on our list are legitimate places that a normal user would never suspect could be infected but they are, said Steckler. And we know Harrys had an infection due to repeated visits by our CommunityIQ members. Other infections have lasted much longer, such as the 153 days at mystainedglassart.co.uk There are sites on our list mostly adult-orientated that have been designed to spread malware. But, these are the minority. If you look at the total number of user visits, its the ordinary sites that are the most dangerous.
For French-based websites, CommunityIQ members visited over 300 infected domains every day with the .fr (France) suffix, identifying over 3,000 separate domains during the quarter. Three of the most infected sites by number of visitors were ja6.free.fr, asso.fr, and maxio.fr. Free is big attraction for malware targeting French consumers, with over a sixth of the sites pushing malware using the word free in the url.
Every time a CommunityIQ member visits a website, the avast! antivirus installed in their computer performs a rigorous scan and examines the behavior of the site for any infection, viruses, or suspicious activity. If this uncovers malware, avast! then shuts off the connection protecting the users computer and sends data off for analysis.
This anonymous packet of data includes information on the malware type, visited website, and computer applications running at the time of exposure. The data allows the discovery of known infections and provides useful clues through behavioral analysis and cross-referencing of operating systems, service packs, browser data to allow avast! researchers to spot variants and also new threats and possible attack vectors.
By combining reports from individual CommunityIQ members, avast! researchers are able to identify new malware, chart the spread and duration of the infection. Other CommunityIQ data is processed automatically and forms the basis for the daily virus database updates.
The data from the IQcommunity is invaluable as it is based on the real surfing experience of a large sample size, explains Mr. Steckler. Most community members are just average PC users that go online as part of their daily regime. This increases the potential to find and clarify new threats at close to or even at zero day.
avast! will be releasing a detailed CommunityIQ internet security barometer report later in the year which will have detailed statistics on the threat landscape broken down by country and domain as well as information on emerging threats captured by behavioral analyses.
Our goal is to make information from the CommunityIQ freely available to improve overall internet security, adds Steckler, We would also like to thank users within the CommunityIQ for their support and wish them happy and safe surfing.
Infected sites identified in Q120102,149,042 pages
Visits to infected sites by CommunityIQ members
(This does not include attempted visits to blocked sites. Blocked URL visits can reach 3 million daily.)11,876,357 visits to non-blocked infected sites
Infected sites by countryDomains / hits by CommunityIQ members
General (.COM)102,721 / 5,186,345
China (.CN)5,657 / 193,785
Great Britain (CO.UK)3,264 / 38,259
France (.FR)3,244 / 145,581
Russia (.RU)20,639 / 1,230,077
About ALWIL Software
ALWIL Software is the maker of avast! the world’s most popular computer security program with over 100 million registered users. From its headquarters in the Czech Republic, ALWIL Software has developed the award-winning suite of avast! products and localized them into 33 languages. Further details about the company and its products can be found at http://www.avast.com.
avast! is a registered trademark in the United States of America and other countries and is used under exclusive license to ALWIL Software.
Editors for further information, contact:
The Message Machine
+44 1895 631448