October 26, 2017

New Research: Traditional Antivirus Failed to Protect Nearly 40 Percent of Users Using Two or More AV Solutions from All Malware Attacks

— Based on data from real-world scans of nearly 10 million endpoints, Malwarebytes discovered malware compromises where a traditional antivirus solution (AV) was registered on the endpoint

— Four leading traditional AVs showed consistent weaknesses against ransomware, botnets, and Trojans


SANTA CLARA, Calif. – October 26, 2017 – Malwarebytes, the leader in advanced malware prevention and remediation solutions, released new data on the efficacy of traditional antivirus (AV) solutions today. The research, Mapping Traditional AV Detection Failures, details how traditional AV solutions performed from January through June 2017, based on real-world remediation scans performed by Malwarebytes. Nearly 40 percent (39.18 percent) of all malware attacks cleaned by Malwarebytes on endpoints with an AV installed occurred on endpoints that had two or more of these AV solutions registered. About 39 percent (39.16 percent) of attacks on endpoints with a non-OS bundled AV installed occurred on an endpoint running one of the four leading traditional AV solutions.

To better understand the threats that today’s users of traditional AV face, Malwarebytes consolidated data from Malwarebytes scans of approximately 10 million endpoints, the vast majority of which had one or more traditional AV tools registered on the Windows® Security Center. This data looks at instances where Malwarebytes was used solely for remediation and excludes data where Malwarebytes proactively blocked threats. For comparative purposes, Malwarebytes also tracked the failure rate of the four leading traditional AV solutions recommended in a recent industry analysis.

Malwarebytes also released a real-time heat map detailing traditional AV weaknesses around the globe. The map shows when Malwarebytes remediates instances of malware on endpoints that have a traditional AV registered.

“The results of these scans clearly indicate the ineffectiveness of today’s traditional AV solutions and, more importantly, the unknown risks to users that depend only on these AV platforms to stay safe,” said Marcin Kleczynski, CEO of Malwarebytes. “Antiquated AV technology is no longer enough to protect from sophisticated cyberthreats. It’s crucial that consumers and businesses understand this now before they become a victim of the next attack.”

Key findings from the report include: 

  • The most common forms of malware are bypassing traditional AV protections. The top ransomware types detected on compromised machines with a traditional AV installed were Hidden Tear (41.65 percent) and Cerber (18.26 percent). Botnets most frequently detected included IRCBot (61.56 percent) and Kelihos (26.95 percent). The most prevalent Trojan types bypassing traditional AV detections were Fileless (17.76 percent) and DNSChanger malware (17.51 percent).
  • Deploying multiple traditional AV solutions is not enough. Real-world deployments of traditional AV failed to protect 39.21 percent of users from all malware attacks. These infected machines had two or more traditional AV solutions registered.
  • The four leading traditional AV players are failing. 39.16 percent of the total security incidents caught among machines with a non-OS bundled AV installed were detected on machines with one of the four leading traditional AV players registered.
  • Today’s four leading traditional AV players are no match for ransomware. More than 48 percent (48.59 percent) of Hidden Tear events and more than 26.78 percent of Cerber events were found on a compromised endpoint with a non-OS bundled AV installed that had at least one of the four leading traditional AV brands installed.
  • Some of the four leading traditional AV brands are performing worse than others, leaving users at higher risk. Out of 95 total traditional AV brands registered on users’ computers, leading AV “Brand A” was registered on 12.9 percent of compromised computers with a non-OS bundled AV installed and leading AV “Brand B” was registered on 11.75 percent of compromised computers. However, leading AV “Brand C” and “Brand D” were registered on less than 10 percent of compromised computers.

“We are seeing more cyberattacks find ways to break through traditional AV detections,” said Adam Kujawa, Director of Malwarebytes Labs. “The shortcomings of today’s traditional AV solutions are putting businesses, consumers and even governments at risk. Cybercriminals will only continue to get better at developing attacks that are smarter and faster than our existing technologies. It’s imperative that we continue to create new solutions to keep up with the pace of these new attack methods.”

To view the real-time heat map, visit www.malwarebytes.com/remediationmap.



About Malwarebytes

Malwarebytes is the next-gen cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. The company’s flagship product combines advanced heuristic threat detection with signature-less technologies to detect and stop a cyberattack before damage occurs. More than 10,000 businesses worldwide use, trust and recommend Malwarebytes. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia and a global team of threat researchers and security experts. For more information, please visit us at https://www.malwarebytes.com/.

Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to an Ernst & Young Entrepreneur of the Year Award.



