0 Replies Latest reply on Apr 2, 2008 8:53 AM by HarryWaldron

    F-Secure expects possibly one million unique viruses in 2008

      :eek::eek::eek: Virus, Trojan Horse, and Worm attacks have changed substantially in the past couple of years. Previously, malware authors seeded "true" viruses that replicated from PC to PC, manipulating unpatched email or system vulnerabilities.

      This still occurs; however, most attacks are massively spammed to trick users into selecting a malicious web link or attachment. Most current attacks usually don't spread to other vulnerable PCs from an infected system, although there are still many "true" viruses circulating (e.g., network walkers, USB flash drives, email worms, etc.).

      However, botnets using fast-flux servers (i.e., that hide the true malware master servers) are creating highly polymorphic (i.e., rapidly changing) malware threats. Each attack wave is spammed with a unique MD5 hash, which AV vendors key on in some cases to detect malware (along with pattern matching algorithms).

      Botnets (e.g., Storm Worm) use a master malware "template" approach. These master blueprints can change hourly on the fast-flux servers to create new variants that AV software may or may not detect. Wave after wave of unique malware can be spammed out, which is creating the potential for one million different viruses in 2008.

      In reality, there are only a few thousand active virus families, but some of these families have several thousand variants within them. Still, each of the million unique MD5 patterns must be handled successfully by the AV vendors. This new attack style is challenging and explains why only 30% of AV vendors may provide coverage shortly after a new virus wave is massively spammed to the public.

      F-Secure expects possibly one million unique viruses in 2008
      http://www.heise-online.co.uk/news/F-Secure-expecting-a-million-viruses-this-year--/110451

      QUOTE: Finnish antivirus software vendor F-Secure has published its statistics for the first quarter of 2008. The company estimates that a total of a million new viruses will be born this year – 25,000 malicious programs per day have made their way onto the firm's servers.

      This number agrees with other research. Service provider AV-Test last year had already registered viruses at the same daily rate, but from all antivirus vendors and other sources such as honeypots combined. According to AV Test general manager Andreas Marx, in the 13 hours to one o'clock on Tuesday 21,439 unique samples – viruses with a unique MD5 "fingerprint" – had already made their way onto the company's servers.
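
      The gap between "a few thousand families" and "a million unique MD5 patterns" can be seen in a small added example (not part of the original post or the quoted article). It builds harmless, constructed byte strings that share one invariant marker, then compares an exact-MD5 blocklist with a family-level pattern on a later wave; the marker, function names and wave sizes are assumptions, and a constant marker is a simplification of real pattern matching.

```python
import hashlib
import re

# Constructed, harmless stand-in for one "family": every variant carries this
# invariant marker, wrapped in filler bytes that differ per variant.
FAMILY_MARKER = b"EXAMPLE-FAMILY-A::invariant-routine"

def make_variants(marker: bytes, count: int, seed: int) -> list[bytes]:
    """Build `count` constructed samples sharing `marker` but differing in filler."""
    variants = []
    for i in range(count):
        # Deterministic filler so the example is reproducible offline.
        filler = hashlib.sha256(f"{seed}:{i}".encode()).digest()
        variants.append(filler[:8] + marker + filler[8:])
    return variants

def md5_hex(sample: bytes) -> str:
    return hashlib.md5(sample).hexdigest()

def hash_blocklist_hits(samples, known_hashes) -> int:
    """Count samples whose exact MD5 is already on the blocklist."""
    return sum(1 for s in samples if md5_hex(s) in known_hashes)

def pattern_hits(samples, pattern) -> int:
    """Count samples that contain the family-level byte pattern."""
    return sum(1 for s in samples if pattern.search(s))

def compare(first_wave_size: int = 100, next_wave_size: int = 100) -> dict:
    first_wave = make_variants(FAMILY_MARKER, first_wave_size, seed=1)
    next_wave = make_variants(FAMILY_MARKER, next_wave_size, seed=2)
    # Blocklist built only from the wave that has already been seen.
    known = {md5_hex(s) for s in first_wave}
    signature = re.compile(re.escape(FAMILY_MARKER))
    return {
        "families": 1,
        "unique_md5_total": len(known | {md5_hex(s) for s in next_wave}),
        "next_wave_caught_by_hash": hash_blocklist_hits(next_wave, known),
        "next_wave_caught_by_pattern": pattern_hits(next_wave, signature),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

      One family yields as many unique MD5 values as there are variants, and the blocklist built from the first wave matches nothing in the next one, while the family-level pattern still matches every sample.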