300,000 malicious items approaching fast
Wednesday August 1, 2007 at 6:36 am CST
Posted by Marius van Oers
Later this week the count of malicious items will most likely pass the 300,000 barrier.
Malicious items have come and gone over the years, but some remain persistent. The types of malware are not constant but evolve over time. From the late ’80s until the early ’90s they were mainly MS-DOS 8 bit .com and .exe files and boot infectors.
From 1995-2000 VBA code was very dominant, first as a side effect of people unknowingly exchanging infected .doc/.xls files; later, malware code would simply read all items from the Outlook address book and automatically mail itself out.
From 2000-2003 JavaScript/VBScript items along with 32-bit PE files were dominant, and exploits and multi-component malware began to appear.
From 2004 onwards the binary mass-mailing worms were the topic of the day, resulting in many overloaded Exchange servers. On some occasions we even had to go to “Medium” risk multiple times a day. Luckily, the Netsky/Bagle wars are over.
From 2005 onwards the shift went to bots and Trojans, and adware, spyware and phishing attempts grew.
The bots are especially problematic as they’re so hard to fight. The bot networks were mainly used to distribute adware/spyware, but on some occasions were also used for DDoS attacks, for “fun” or, worse, for ransom etc. Although we still see many bots appearing, they don’t seem to be that dominant any more. Nowadays the focus is more on obtaining money from adware and Trojans, but there’s also much spyware. Specific targeted attacks are also more common.
So even though the general public doesn’t hear as much about outbreaks as during the Netsky/Bagle wars, malware numbers still grow very fast, using more silent methods with adware/spyware and targeted attacks.
In 2000 we had a little over 50,000 malicious items. That figure went to 100,000 in 2003. In August 2006 we passed the 200,000 barrier and almost exactly 1 year later, in August 2007, we will be passing the 300,000 barrier. With such huge numbers appearing, the handling of samples can’t be maintained by humans only. It also continues to raise many questions around the naming of malware.

July 9th, 2008 at 15:07
[...] the first six months of 2007, McAfee researchers saw as many unique samples of malware as in 2005 and 2006 combined. That growth tells me that old-school AV does not have the upper hand. We aren’t keeping up [...]