Malware Counts Bore Upward, Onward

By Matthew Hines  |  Posted 2009-02-06 Print this article Print

You can't emphasize it enough when you see the numbers - we continue to be pelted with record amounts of malware code, forcing security vendors to engage in an increasingly sprawling game of cat-and-mouse.

According to a blog post authored by researchers with McAfee's Avert Labs, the company will soon crest the 500,000 mark for the number of DAT AV driver signature files used in its flagship engine.

Researchers with the company noted that this is a huge milestone, as the drivers can account for thousands of individual malware strains, representing how vast the necessary library of AV signatures has become as attacks continue to proliferate at a dizzying pace.

By comparison, a popular AV engine might have 80 DATs back in the 1980s, writes McAfee's Marius van Oers.

"Half a million is a huge amount," the expert said. "Most drivers are written to detect many samples generically. For example 1 driver can detect fifty or as many as thousands of malware files. Therefore the number of detected malware files is way higher then the half a million number reflected in the DATs."

Driven by millions of new malware samples made possible through automation and the use of professional authoring toolkits, the numbers just keep running further and further into the stratosphere.

Last month, researchers with PandaLabs reported that they encountered more malware attacks over the first eight months of 2008 than they saw in the previous 17 years combined. Consider that for a moment.

In 2008, Panda estimates that it uncovered an average of 35,000 malware samples each day, some 22,000 of which were new. In the end the firm saw over 15 million new threats in 2008 altogether.

In all cases, researchers agree that Trojan password-stealing spyware attacks remain the biggest problem of all.

According to researchers at Kaspersky, Trojans dominated its Top Twenty malware attacks rankings during the first month of 2009.

The Sality.aa attack retained its leading position from Dec. '08, and was joined by Sality.z, making the Sality family one of "the most widespread and dangerous families of the recent past," Kaspersky experts said.

Rapidly advancing its position was the Downloader.WMA.GetCodec.r multimedia Trojan, showing evidence that malware threats that use peer-to-peer networks and multimedia downloaders to spread themselves remain "very effective."

The experts also noted the continued spread of the "notorious" Kido family of network worms which use a critical Windows vulnerability to compromise systems.

"The current epidemic, the propagation method used, and the number of potentially vulnerable computers mean the appearance of Kido variants in this month's Top Twenty are no surprise," Kaspersky contends in its monthly report.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel