Thursday, January 17, 2008

Malware Quietly Reaching 'Epidemic' Levels

Malware Quietly Reaching 'Epidemic' Levels

New reports say malware increased by a factor of five to 10 in 2007


JANUARY 16, 2008 | 5:40 PM


By Tim Wilson
Site Editor, Dark Reading

Everybody knew it was bad, but few knew it was this bad.

In separate studies released yesterday, two research firms now say that malware increased between 500 percent and 1,000 percent in 2007, and it shows no signs of slowing down.

"The number of new strains of malware that appeared in 2007 increased tenfold with respect to the previous year," said PandaLabs, Panda Security's research arm, in a report issued yesterday. "Over the last year, PandaLabs has received an average of more than 3,000 new strains of malware every day. This represents a malware epidemic which -- although silent, with little media coverage and no widespread alerts -- is nevertheless dangerous."

The results indicate that signature-based defenses for malware are no longer effective, the research firm said. Some 72 percent of networks with more than 100 workstations -- and 23 percent of home users -- are currently infected with malware, despite having operative antivirus or other signature-based tools in place, PandaLabs said.

Experts at AV-Test, an independent testing organization, also reported skyrocketing incidence of malware yesterday. After a detailed count, the organization said it identified nearly 5.5 million different malware files in 2007 -- more than five times as many as in 2006.

AV-Test counted the number of files with different MD5 hashes, sometimes called "fingerprints." This includes malware which is packed using a different run-time packer or is differently encrypted, the testing organization said.

In 2007, AV-Test found almost 5.5 million such files, up from about 973,000 in 2006 and 333,000 in 2005, the report said. And the trend is accelerating: The group already has identified more than 118,000 different malware files in the first two weeks of January.

The results drove AV-Test to concur with PandaLabs's assessment. "The figures clearly demonstrate that the signature-based approach of current anti-virus software is no longer appropriate," the report said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Panda Security


DISCUSS EMAIL PRINT LINK/REPRINT SHARE

No comments: