Malware samples doubled in one year, F-Secure says

So far this year, it has collected 250,000 examples of malicious software

Finnish security vendor F-Secure Corp. has collected as many malicious software samples this year as it has over the previous 20 years combined, a trend that highlights the growing danger of malicious software on the Internet.

Through the end of 2006 and the 20 years prior, F-Secure counted a total of 250,000 samples, said Mikko Hypponen, F-Secure's chief research officer. This year alone, 250,000 samples have been counted, he said.

Statistics on malware from antivirus companies can vary, since the data is often derived from what their customers experience while using their software and thus is affected by how widely that software is used.

But other security vendors have also noted the flood of new malware on the Internet over the past few years. Symantec Corp. said earlier this year that it detected 212,101 new malicious-code threats between January and June, an increase of 185% over the same period a year earlier.

The astounding increase shows that hackers "are generating [a] large number of different [malware] variants on purpose to make the lives of antivirus vendors more difficult," Hypponen said.

A variant is a piece of malware that has a unique look but belongs to a known family of malware, sharing common code and functions. Hackers use techniques such as obfuscation, which jumbles up code and makes it hard to determine what the program is, and encryption to trick security programs.

"Genuine innovation appears to be on the decline and is currently being replaced with volume and mass-produced kit malware," according to F-Secure's report, which focuses on the second half of 2007.

The increasing number of malware variations puts more pressure on vendors to ensure that they have fine-tuned their products. To handle the surge, F-Secure has hired more security analysts and is continuing to develop automated tools to evaluate malicious software, Hypponen said.

Any new malware must first undergo an analysis. Then most security software vendors create a signature, or an indicator, that allows their security software to detect the malware.

Automation makes the task of analyzing malware somewhat easier, but "in the end, a human makes the decision where we add detection [signatures]," Hypponen said.

Copyright © 2007 IDG Communications, Inc.
