Following up on the recent post by my colleague Dave Marcus concerning malware growth, the guys from AV-Test in Germany just released their updated stats. To avoid confusion when comparing the different numbers, here’s a quick explanation of the different counts:
AV-Test counts unique binaries. Unique means different cryptographic hashes. So the same Trojan obfuscated with 10 different packers results in 10 unique binaries. This is often due to the impact of server-side polymorphism, where you get a unique binary every time you download a file.
Our outbound counting, as used by Marcus, counts the threats for which we have to create a driver for detection. If in the example above we are able to look beneath the obfuscation layer of the packers, the 10 different binaries would be counted as just one Trojan. In addition to that, we frequently use generic detection, in which a single count could hit on thousands of minor variants.
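To make the difference between the two counts concrete, here is an added example that is not part of the original post and is not either vendor's real pipeline. The "packer" is a constructed toy wrapper (compress plus a per-build XOR key) and the payloads are harmless placeholder bytes; all names are hypothetical.

```python
import hashlib
import zlib

MAGIC = b"PK1"  # constructed marker for the toy wrapper, not a real packer format


def toy_pack(payload: bytes, key: int) -> bytes:
    """Constructed stand-in for a packer: compress, then XOR with a per-build key."""
    body = bytes(b ^ key for b in zlib.compress(payload))
    return MAGIC + bytes([key]) + body


def toy_unpack(sample: bytes) -> bytes:
    """Look beneath the wrapper; files without it are returned unchanged."""
    if not sample.startswith(MAGIC) or len(sample) < 5:
        return sample
    key = sample[3]
    try:
        return zlib.decompress(bytes(b ^ key for b in sample[4:]))
    except zlib.error:
        return sample  # damaged or unknown layer: count the outer file as-is


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def count_unique_binaries(samples) -> int:
    """Sample-style count: every distinct file hash is one entry."""
    return len({sha256(s) for s in samples})


def count_threats(samples) -> int:
    """Threat-style count: hash what is left after removing the wrapper."""
    return len({sha256(toy_unpack(s)) for s in samples})


# Constructed sample set: Trojan A wrapped 10 ways, Trojan B wrapped 3 ways,
# plus one unwrapped copy of Trojan B.
TROJAN_A = b"constructed placeholder payload A " * 8
TROJAN_B = b"constructed placeholder payload B " * 8
SAMPLES = (
    [toy_pack(TROJAN_A, k) for k in range(1, 11)]
    + [toy_pack(TROJAN_B, k) for k in (1, 2, 3)]
    + [TROJAN_B]
)

if __name__ == "__main__":
    print("unique binaries:", count_unique_binaries(SAMPLES))
    print("threats beneath the wrapper:", count_threats(SAMPLES))
```

The same 14 files count as 14 unique binaries but only 2 threats once the wrapper is removed, which is why the two sets of statistics cannot be compared directly.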
Now that the different ways of counting may be a bit clearer, let’s look at the bad news:
AV-Test’s count has come close to 22,000,000 samples in June.
This by itself is disturbing, but the really disturbing trend is visible when we look at the growth month over month:
The growth has been fairly constant over the last year, but this has changed now.
We are now seeing a major increase in the monthly growth, topping one million new samples each month in AV-Test’s count. And this time it’s not only samples (the same piece of malware packed over and over again) but also actual new malware. If you look at Marcus’ numbers again (growth in 2009 has nearly tripled compared with 2008) and remember that we count malware rather than samples, this indicates there has been a shift recently in malware production. Tons of new Trojans have been developed and released on top of the reused stuff.
So keep your machine updated, not just AV and the OS but all applications. Watch out where you surf. (SiteAdvisor may help you there.) And take care what links or attachments you trust in emails and all other forms of messages. All this will help you enjoy the summer!
