Underscoring the difficulty in keeping up with the pace of malicious code development, two antivirus companies published their latest tally of the menagerie of malicious code against which they have to protect their customers.
On Wednesday, antivirus firm F-Secure announced that the total number of "detections" -- or variants -- of viruses, worms, Trojan horses and other malicious code reached 500,000 in the last week of 2007, counting from 1986. In December, McAfee estimated that is own count of malicious code would surpass 360,000 by the end of the year.
F-Secure stressed that the influx of variants are not due to original code, but mass-produced attempts to foil antivirus filters, a tactic made successful by the Storm Worm. However, the overwhelming numbers do put strain on antivirus companies' human analysts, according to Dave Marcus, security research and communications manager for McAfee's Antivirus Emergency Response Team.
"You have to invest in your researchers, but you also have to invest in automating the process," Marcus said in a December interview with SecurityFocus. "When you are getting thousands of samples a day, you cannot just rely on human analysts, you need automation."
In 2007, antivirus companies have had to deal with evolving tactics on the part of malware authors. The Storm Worm's creators have used a variety of techniques, from rapidly changing variants to fast-flux hosting, to continue to spread variants of the program to victims' PCs. Web-based infection kits that deliver a different variant to each victim's PC has also made analysis more difficult.
For both F-Secure and McAfee, the number of malicious-code variants nearly doubled in 2007 over the previous year's total.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos