One of those terms that get bounced around a lot, in discussions of malware is whether that threat is \u201cin the wild.\u201d But what does that actually mean? If your thoughts go to Jaques Cousteau or Mutual of Omaha\u2019s Wild Kingdom, you\u2019re on the right track. It\u2019s meant to differentiate from malware that has affected real people\u2019s machines and threats that only exist \u201cin the zoo\u201d: that is to say, only in research labs.<\/p>\n
Once upon a time, there was an independent organization that was called the Wildlist, which produced a report by the same name. Every month, a list was compiled of all the viruses (not Trojans yet) that had been reported to their list of reporters. The Wildlist reporters were trusted researchers from around the industry \u2013 not just from AV vendors, but also from companies that had a good view into what was affecting corporate as well as home users.<\/p>\n
To make the \u201cmain list,\u201d a threat had to be reported at least two times to two separate reporters. Reporters would note how many times viruses were reported to them, and in what countries, for every threat they encountered more than once. They would take and replicate the virus samples to verify that they were valid infections (and so that the sample would be in a neutral, standard file without user-info attached, if possible). Then they would send this collection in every month. The idea is that this would create a fairly representative list of what was affecting users.<\/p>\n
There were plenty of threats that did not make the main list because they were not reported twice. These would be noted on the Extended Wildlist. But you\u2019ll note, this did not include everything a reporter received only once. The list was not meant to be exhaustive because there are always plenty of cases of infections that exist only on someone\u2019s machine that was stored in some far-off corner, with a virus that was last prevalent ten years ago. There is no way of saying conclusively that a virus only exists \u201cin the zoo\u201d \u2013 the idea was to report those things that people were more likely to run across.<\/p>\n
Many years later, the malware world has changed quite a bit. Trojans used to be something that people quibbled about including in anti-virus products (because they\u2019re not viruses, see\u2026). Now Trojans make up the bulk of files detected by those same products (even though most folks still usually refer to them as anti-virus products, rather than anti-malware products). The tactics of malware writers has changed so that thousands of new variants are pumped out for many major malware families. Speed and stealth are the order of the day, not prevalence. The overwhelming numbers of malware samples that are found every day, particularly for Windows and Android, have made gathering such a list effectively impossible.<\/p>\n
That doesn\u2019t mean the information about threats affecting real people is any less valuable than it was 10 or 20 years ago. But now it\u2019s less official, and more reflective of whether a threat has or likely could affect a large number of customers. We still get some threats that are \u201czoo threats,\u201d especially in Mac-land where overall prevalence is low enough that people are still interested in creating \u201cproof of concept\u201d threats to show that it can be done. We report in each malware alert whether we have seen evidence that this threat is affecting real customers or if it is not yet known to be in the wild. This way you can determine how urgently you need to prepare yourself or if you should just update your virus definitions as normal.<\/p>\n","protected":false},"excerpt":{"rendered":"
One of those terms that get bounced around a lot, in discussions of malware is whether that threat is \u201cin the wild.\u201d But what does that actually mean? If your thoughts go to Jaques Cousteau or Mutual of Omaha\u2019s Wild Kingdom, you\u2019re on the right track. It\u2019s meant to differentiate from malware that has affected […]<\/p>\n","protected":false},"author":6,"featured_media":9295,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[2782,86],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n