Calidad de la sal y la cantidad requerida

 steal personal and corporate bank account information

 steal credit card numbers

 conduct DDoS attacks, with the instigators then demanding money to stop the attacks - a cyber racket)

 create networks of Trojan proxy servers. These can be used to send spam, and for commercial gain

 create zombie networks, which can be exploited in multiple ways

 create programs which download and install adware to the victim machine

 install Trojan dialers which will repeatedly call pay services

 etc.

It's difficult to say exactly how widespread criminal activity is. I think that there are dozens, if not hundreds of hacker groups and individual hackers active in the computer underground. The hackers who belong to groups can probably be numbered in the thousands - this is according to the law enforcement agencies of most computerized countries. Over the last few years several dozen hackers and hacker groups have been arrested, and the total number of arrests topped several hundred. However, this doesn' t seem to have had any real effect on the number of viruses and Trojans.

42 Another figure which can only be guessed at is the total turnover of the computer underground.

Published sources estiamte that between 2004 and 2005 hackers either stole or scammed several hundred million dollars. As the vast majority of cyber criminals have not been arrested or imprisoned, we can assume that the annual turnover is probably billions of dollars. (This figure may well exceed the annual turnover of antivirus companies - for these figures, see below.) The total damage done to the world economy by the activity of virus writers, hackers and spammers has long since exceeded tens of billions of dollars annually. The amount continues to grow. According to research carried out by Computer Economics, total losses in 2004 were close to $18 billion, with a trend towards a 30 - 40% annual growth rate.

Let's take a look at the players in the world of cyber threats:

 Virus writers and hackers are creating and distributing viruses and Trojans for their own reasons

 End users' machines and networks are under constant threat of hacker attacks, and may often fall victim to co-ordinated attacks

 Police and law enforcement bodies throughout the world are only partially successful in investigating and prosecuting cyber crimes

 Antivirus companies create software to counteract cyber threats

There's been a great deal written about viruses, hackers, and those who hunt them down - there have even been Hollywood films made on the subject. The developers and vendors of antivirus solutions use their web sites to publicize their achievements. However, there isn't much

information about the problems which the antivirus industry faces. This article, therefore, aims to address this topic and, to some extent, rectify the imbalance.

A short overview of the antivirus industry

To start with, let's take a look at the companies manufacturing standard solutions which protect against computer viruses. (We'll discuss dedicated solutions and tools a little later in the article.)

43 By standard solutions, I mean software for desktops, file servers, mail servers, and the perimeter of corporate networks.

The total market for such standard solutions was estimated as being $2.7 billion in 2003 and $3.3 billion in 2004, with $3.8 billion being the predicted figure for 2005. (All information in this section is taken from IDC, 2005). All antivirus manufacturers are divided into 3 groups; industry leaders, second tier companies, and others (those which have no significant effect - if any - on the antivirus landscape).

The leaders include Symantec, McAfee (NAI) and Trend Micro - the activity of these companies affects all markets:

Company

Annual turnover, $mln

2003 2004

Symantec 1098 1364

McAfee (NAI) 577 597

Trend Micro 382 508

These three companies occupy leading positions in all markets, with a few exceptions (for instance, Trend Micro dominates the Japanese market). Symantec and NAI (McAfee) are North American. Trend Micro is originally a Taiwanese company which was floated on the Japanese stock market. It is currently headquartered in the USA.

The second tier includes companies whose turnover is significantly lower than the leading three.

However, these companies still have an annual turnover of tens of millions of dollars:

Company Annual turnover, $mln

44

2003 2004

Sophos (UK) 97 116

Panda Software (Spain) ^* 65 104

Computer Associates (USA) 61 74

F-Secure (Finland) 36 51

Norman (Norway) 23 31

AhnLab (S.Korea) 21 28

Kaspersky Lab, based in Russia, is also included in this group. However, the company does not disclose financial information.

The majority of second tier companies have a significant presence in their respective domestic markets, but a relatively small presence in foreign markets. For instance, Sophos is most successful in the UK, Panda in Spain, F-Secure in Scandinavian countries etc.

The third group includes several dozen antivirus companies. The best known include:

 Alwil - Awast (the Czech Republic)

 Arcabit - MKS (Poland)

 Doctor Web - DrWeb (Russia)

 ESET - NOD32 (Slovakia)

 Frisk Software - F-Prot (Iceland)

 GriSoft - AVG (the Czech Republic)

 H+BEDV - AntiVir (Germany)

 Hauri - VI Robot (South Korea)

45

 SoftWin - BitDefender (Romania)

 VirusBuster - VirusBuster (Hungary)

The third group also includes UNA and Stop! (both Ukrainian), Rising and KingSoft (China) and others.

The majority of companies in this group do not disclose any financial information. However, some estimates state that annual turnover is around $10 million.

This information above gives a breakdown of antivirus companies' market share. However, companies offering products based on licensed technologies aren't included. Examples are the German company G-Data, whose antivirus solution is based on Kaspersky Lab and SoftWin technologies, and Microsoft, which offers a multi-engine solution developed by Sybari.

There are also some non-standard types of antivirus protection, some of which are relatively specialized. This includes systems which will delete any potential threat from corporate email messages (the end user receives only messages without executable attachments or html scripts), systems which will launch the web browser within a virtual machine etc. There are also some programs which are fairly similar to antivirus solutions: software which protects against DDoS attacks, patch management software etc. However, none of these can be called fully functional antivirus products.