An interesting post from McAfee researcher Toralv Dirro this week suggests that the seemingly endless proliferation of larger volumes of malware variants may actually be hitting a plateau.
The number of samples has spiked dramatically since roughly the beginning of 2006, rising from approximately 3 million samples at that time to more than 11 million samples in April 2008, but Dirro said there are indicators that the rapid pace of growth is finally slowing.
Over the above timeframe, the number of malware samples found in the wild by researchers almost perfectly mirrored the number of variants that attack tracker AV-Test.org had predicted would arrive. However, over the last two months or so, the number of threats that researchers have found has finally started to level out and come in under expectations, according to AV-Test.org and McAfee’s estimates.
“During the last couple of months there is no longer an increase in the number of new samples added,” writes Dirro in the McAfee Avert Labs blog. “The growth is no longer exponential but linear, averaging around 600,000 samples added each month. Looking at our own numbers of new samples, I can confirm this new linear growth.”
So, it would seem that we’ve either hit a lull in activity for some reason or something has happened which has finally begun cutting into the numbers of new attacks. (There’s also the chance that some new level of technical innovation on the part of the malware gangs has made existing tracking strategies obsolete, as Dirro explains. That is a distinct possibility, and it would render this whole theory moot.)
In some senses this notion is at odds with the idea that malware writers have better tools at their fingertips than ever before for flooding the world with new samples. But, it’s also hard to argue with the presented numbers, as AV-Test.org aggregates data from a number of respected researchers and McAfee has a malware sensor network that is second only to that of Symantec in terms of sheer size.
If growth finally has slowed for some reason, that has to be encouraging, as it means we’ve reached some saturation point or, even better, that some of the security technologies and law enforcement efforts that have been leveled at solving the problem are actually having their desired effect.
Or the bad guys are taking the summer off because they’ve made so much money…
Dirro remains more optimistic.
“Why is this a big deal? For years the security industry has been fighting an uphill battle with the number of new samples increasing every month at an alarming rate,” Dirro said. “Now with constant, though still massive, growth there is some light at the end of the tunnel. If this trend keeps up, planning for future resources and technologies will become much easier and more manageable.”
We can all hope so.
But only time will tell…
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.