In our latest detection study, we've been monitoring the anti-malware detection rates of a file embedded with malware and uncovered some surprising results! We scanned the file using the 40 commercial anti-malware engines in Metascan Online and recorded the detection progress over a four-month period.
As the chart below shows, the Backdoor.Androm file was first scanned on November 5th, 2013 with four out of 40 engines initially detecting the file as a threat. 150 days after the first scan, the detection rate remained the same at four out of 40 engines. While previous detection studies we've conducted generally show at least an eventual increase in the number of antivirus engines detecting a new threat, this example shows that some files can remain undetected for long periods of time.
This latest study shows that utilizing multiple antivirus engines to scan files for malware greatly increases the probability of detecting a potential threat. Using a higher number of anti-malware engines increases the chances of early threat detection and provides additional intelligence about the potential maliciousness of a file.
If you are interested in conducting your own anti-malware detection study, please visit Metascan Online.
