The total number of viruses will reach one million by year’s end, according to Sophos chief technology officer Paul Ducklin in an article in PC World. Most striking to me is that Ducklin claims 25 percent of unique malware have been created in the last six months of its 20-year history. That translates into 250,000 attack vectors in 6 months or nearly 60 unique malware vectors (as defined by Sophos) an hour.
Ducklin offers some hope, “About 85 to 90 percent of malware families have a fix created for them almost immediately,” which leaves over 50 new attack vectors an hour that have to be identified, code written and updates distributed.
In the same PC World article F-Secure Asia-Pacific vice president Jari Heinonen said it logs about 25,000 malware samples each day, the highest on record.
“The total number of viruses and Trojans will pass the one million mark by the end of 2008 if this trend continues,” Heinonen said.
Both Sopho’s Ducklin and F-Secure’s Heinonen say that drive-by-downloads of malware, due to iframes vulnerabilities are growing. F-Secure’s Heinonen “Drive-by downloads are the preferred way of spreading malware [because] they happen automatically by visiting a Website unless users have a fully patched operating system, browser, and plug-ins.“
Heinonen also predicts that malware will increasingly target the kernel sector through rootkits such as Mebroot, which attacks the bootstrap sector. A resurgent Mebroot was detected last month, some 15 years after the DOS-based malware was created.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.