F-Secure: Malware samples doubled in one year
- 05 December, 2007 08:30
Finnish security vendor F-Secure has collected twice as many malicious software samples this year than it has over the last 20 years, a trend that highlights the growing danger of malicious software on the Internet.
Through the end of 2006 and 20 years prior, F-Secure counted a total of 250,000 samples, said Mikko Hypponen, F-Secure's chief research officer. This year alone, 250,000 samples have been counted, he said.
Statistics on malware from antivirus companies can vary since the data is often derived from what their customers experience while using their software, and it depends on how widely that software is used.
But other security vendors have also noted the flood of new malware on the Internet over the last few years. Symantec said earlier this year that it detected 212,101 new malicious code threats between January and June, an increased of 185 percent over the same period a year prior.
The astounding increase shows that hackers "are generating large number of different [malware] variants on purpose to make the lives of antivirus vendors more difficult," Hypponen said.
A variant is a piece of malware that has a unique look but belongs to a known family of malware, sharing common code and functions. Hackers use techniques such as obfuscation, which jumbles up code and makes it hard to determine what the program is, and encryption, to trick security programs.
"Genuine innovation appears to be on the decline and is currently being replaced with volume and mass-produced kit malware," according to F-Secure's report, which covers the second half of 2007.
Higher numbers of malware samples put more pressure on vendors to ensure they have fine-tuned products. To handle the surge, F-Secure has hired more security analysts as well as continued to develop automated tools to evaluate malicious software, Hypponen said.
Any new malware must first undergo an analysis. Then most security software vendors companies create a signature, or an indicator, that allows its software to detect the malware.
Automation makes the task of analyzing malware somewhat easier, but "in the end, a human makes the decision where we add detection [signatures]," Hypponen said.