Collective Intelligence, the engine for internet security created in 2006 by Panda Security's malware research laboratory, recently processed its 200 millionth malware file via the cloud.
CI uses the internet "community" - users of Panda's free CloudAntivirus, along with other companies and collaborators - to locate malware. The company says CI automatically detects, analyses and classifies more than 73,000 new malware strains that appear every day, ranging from viruses to worms, Trojans, spyware and other attacks. CI now has a database of more than 25 terabytes of cloud-based classification data.
Unfortunately, the company has reached this milestone because the threats also keep getting faster and more abundant. According to Panda, a third of all the malware in existence was created in the first 10 months of 2010. The average number of threats created daily rose from 55,000 in 2009 to 63,000 in 2010 to 73,000 this year.
Microsoft reported in May that one of every 14 downloads from the internet may contain malware code. Social media - particularly Facebook - has become fertile ground for malware attacks.
So, is Collective Intelligence actually winning the war on malware, barely keeping up with it or falling behind? Pedro Bustamante, senior research adviser at Panda, believes CI is keeping up. "Real-time scanning, classifying and disinfecting malware via the cloud, is the only way to scale with the pace at which cybercriminals are distributing new threats," he says. But he acknowledges the enemy is sophisticated, well-funded and highly motivated. The purveyors of malware are not a random collection of "bad guys," he says. "They are organised criminal organisations, structured like a medium/large company."
They have development departments and conduct QA against the most popular antivirus and internet security products, he added. They have marketing departments that recruit affiliates who they pay-per-install based on geo-location of the infected PC. They also have business ties with other organised groups to install other types of malware such as rogue antiviruses.
'Panda can improve'
"I wouldn't be surprised if some of these groups also have political ties in some Eastern European countries for 'protection' from being shut down," he said.
With the speed and ease with which malware is being created, is even an improvement to six minutes to classify a threat too long? Bustamante says more important than the raw time of responding to a specific file is the "prioritisation of queues." CI, he says, is able to focus on the most important and prevalent first, and ignore variants that are, "no longer in the wild, nor will they ever be."
One of the best ways to improve CI, he adds, is to join it - for free. The company's Cloud AntiVirus now has more than 12 million users. But he says Panda can improve with more of the kind of, "intelligence we are gathering from our cloud-based system."