A Post-Mortem Empirical Investigation of the Popularity and Distribution of Malware Files in the Contemporary Web-Facing Internet

Abstract

<p>This short empirical paper investigates a snapshot<br />of about two million files from a continuously updated big<br />data collection maintained by F-Secure for security intelligence<br />purposes. By further augmenting the snapshot with open data<br />covering about a half of a million files, the paper examines two<br />questions: (a) what is the shape of a probability distribution<br />characterizing the relative share of malware files to all files<br />distributed from web-facing Internet domains; and (b) what is the<br />distribution shaping the popularity of malware files? A bimodal<br />distribution is proposed as an answer to the former question,<br />while a graph theoretical definition for the popularity concept<br />indicates a long-tailed, extreme value distribution. With these two<br />questions – and the answers thereto, the paper contributes to the<br />attempts to understand large-scale characteristics of malware at<br />the grand population level – at the level of the whole Internet.<br /></p>