Number of viruses to top 1 million by 2009

Computerworld Australia - The total number of viruses will reach 1 million by year's end, according to security experts.

Malware writers have been forced to create new types of viruses and exploits more regularly as businesses and individuals improve security practices, the experts said.

Sophos PLC Chief Technology Officer Paul Ducklin said about 25% of unique malware has been created in the past six months of its 20-year history.

"About 85% to 90% of malware families have a fix created for them almost immediately," Ducklin said.

"Malware writers aren't getting the same bang for [their] buck as they used to because businesses and consumers have become much more diligent with security over the last five years," he noted.

"The number of infectious e-mail attachments getting through are down from about 1 in 40 [about five years ago] to 1 in 1,000," said Ducklin.

He said the decline in infections is the result of better gateway filters, more relevant corporate policies and user education, and dilution from a rise in legitimate e-mail traffic.

While the security industry is on top of conventional spam and phishing attacks, more effort needs to be put into preventing and eliminating so-called drive-by downloads, according to Ducklin.

The attacks allow hackers to redirect mass amounts of traffic by inserting malicious iFrames into legitimate Web sites. The hacks are usually invisible to Web site visitors and often do not draw attention from security personnel because they only require a single line of code to be manipulated.

He said it is essential that exploits be patched because hackers search for compromised sites for follow-up attacks.

Jari Heinonen, Asia-Pacific vice president at F-Secure Corp., said his company logs about 25,000 malware samples each day, the highest on record.

"The total number of viruses and Trojan [horses] will pass the 1 million mark by the end of 2008 if this trend continues," Heinonen said. "While there are more viruses than ever before, people report seeing less of them [because] malware authors are changing their tactics.

"Drive-by downloads are the preferred way of spreading malware [because] they happen automatically by visiting a Web site, unless users have a fully patched operating system, browser and plug-ins," Heinonen said.

Heinonen said malware will increasingly target the kernel sector through rootkits such as Mebroot, which attacks the bootstrap sector.

A resurgent Mebroot was detected last month, some 15 years after the DOS-based malware was created.