Some Nepenthes Statistics
Monday, January 8. 2007
Here some updates on the number of autonomous spreading malware we observe with the help of nepenthes. This data is based on a sensor running the latest version of nepenthes on about 16,000 IP addresses. The sensor is online since December 8, 2006, so one month now:
Sorting out some errors and then scanning the remaining 1,497 binaries with the current version of ClamAV yields the following results:
Some of the files are presumably broken due to failed downloads or similar issues, thus the detection rate is presumably slightly better than this 83%. A more in-depth analysis with CWSandbox (new design!) will result in a better analysis...
Total Number Of Hits: 6,325,331
Number Of Unique IPs: 8,994
Number Of Unique Malware: 1,555
Average Connections per Day: 950,771
Average Exploits per Day: 242,049
Sorting out some errors and then scanning the remaining 1,497 binaries with the current version of ClamAV yields the following results:
----------- SCAN SUMMARY -----------
Known viruses: 86212
Engine version: 0.88.5
Scanned directories: 1
Scanned files: 1497
Infected files: 1243
Data scanned: 84.47 MB
Time: 17.578 sec (0 m 17 s)
Some of the files are presumably broken due to failed downloads or similar issues, thus the detection rate is presumably slightly better than this 83%. A more in-depth analysis with CWSandbox (new design!) will result in a better analysis...
".
