Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Malware morphs to greater numbers
Published: 2008-06-25

The number of signatures required to detect malicious code skyrocketed in the first half of 2008, increasing by 80 percent since the end of 2007, according to data released by antivirus firm F-Secure on Tuesday.

The data -- part of the F-Secure's IT Security Threat Summary -- showed that the company currently requires nearly 900,000 different signatures, also referred to as "definitions" or "detections," in its product to catch current threats, up from 500,000 signatures at the end of 2007.

"I have a nasty feeling that the situation is getting worse, not better," Mikko Hyppönen, chief research officer at F-Secure, said in a statement announcing the release of the report. "However, we're not giving up either."

The menagerie of malicious code against which antivirus firms have to protect their customers is quickly increasing. At the end of 2007, F-Secure announced that the total number of detections of viruses, worms, Trojan horses and other malicious code reached 500,000, counting from 1986. McAfee also estimated that is own count of malicious code would surpass 360,000 by the end of that year.

The primary cause of the increase is the widespread use of obfuscation techniques, such as encryption and compression, by malicious software writers to morph a piece of code into a collection of bytes that no longer resembles the original. A virus definition detects multiple variants of the same malicious program, so the number of definitions does not necessarily correspond to the number of digital threats on the Internet, Hyppönen told SecurityFocus. For example, F-Secure uses 700 definitions for detecting the different variants of the Storm Worm currently in the wild, Hyppönen said.

"What the increasing use of self-defense technologies in malware represents is the ever growing professionalism within the crimeware community," he said. "Criminals are adapting and utilizing enterprise level systems and code within their operations."

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
Malware morphs to greater numbers 2008-06-28
Aa'ed Alqarta
How many are false positives? 2008-07-01


Privacy Statement
Copyright 2009, SecurityFocus