Google.org currently maintains "
Google Flu Trends" which works by looking at search keywords as
indicators of flu activity.
I've been doing some thinking recently, and why not apply the same to computer virus outbreaks?
I'm still trying to refine the search keywords, but there's a good
article on CNet which might provide some starter info.
Based upon the article, I've created the following string for insights. Note that Insights treats + as a logical OR...
"computer virus infection" + "computer slow" + "computer crashes" + "program opens slow" + "annoying popups" + "is symantec.com down" + "is mcafee.com down" + "is trendmicro.com down" + "can't update antivirus"
It's important to note however, that using the above search string along
will not produce the "global infection map" we're looking for. This
only looks at English-language searches, and does not include searches
in other languages. We can however use this string to create a nice map
showing infection trends in the United States over the past year.
Since most infections result in searches such as "why is my computer slow", here is a multi-lingual search string:
computer slow + ordinateur lent + ordenador lento + bilgisayar yavaş + コンピューターが遅い + 느린 컴퓨터 + 计算机速度慢 + computer langsom + 電腦速度慢 + компьютер медленно + powolny komputer + بطء جهاز الكمبيوتر
If the above string is accurate enough to indicate that the user is infected with a virus, then we can view global infection trends for home users.
We can try to validate this data by looking at
October 2008 through February 2009, when Conficker was infecting the most computer systems. Conficker started infecting computers in November, 2008, and in January 2009 reached a peak of possibly
15 million infections.
More importantly, we can use the data for the past 30 days to monitor for spikes in activity, which would indicate a possible malware infection is spreading in the wild.
We can also use this data to create a rather interesting
global history of malware infections.