Malware - Anti-Virus Vendors struggled to keep us protected during 2007
Security vendors are always trying to hit a moving target when it comes to malware attacks. During 2007, the number of new malware agents increased dramatically. Much of this is attributed to highly polymorphic malware packaging techniques and unique "waves" of trojan horse attacks. For example, trojan horse construction kits allow malware to be packed using numerous available algorithms for compression. Also, Storm worm malware patterns found on server templates changed on an hourly basis according to one report I had read.
While we didn't have 250,000 brand new unique viruses as F-Secure shares, we had thousands of "close cousins" within the same virus family. Trojan horses are unique attacks that don't replicate on the infected PCs and have been around since the dawn of malware. During 2007, there was "wave after wave" of unique trojan horse attacks (including the Storm worm and other botnets). Each wave represents a unique pattern AV vendors had to provide coverage for during each round of attacks.
Unfortunately, we'll see more of the same (if not worse) in 2008. I had also read that only 30% of AV vendors have signatures ready within 24 hours of an attack wave, it is imperative to always follow those best practices of avoidance on any email that appears suspicious (even from someone you know).
AVERT - A banner year for malware, digital threats and the security industry
QUOTE: On January 2, 2007, we posted the first DAT files (4930) of the new year. On that day, the public count of threats detected stood at 221,935. Fast-forward to December 31, when we released the last DAT (5196) of 2007, and the public count of threats detected finished at an almost unbelievable 357,820. That’s a total of 135,885 unique threats that we at Avert Labs identified throughout 2007. But let me put that into further context:
• 372 new detections per calendar day in 2007
• 527 new detections per business day in 2007
• One driver written every 4 minutes in 2007
• 38% of all detections were added this year.
• 25,438 more detections were added this year than in 2005 and 2006 combined. (Those two years totaled 110,447.)
F-Secure - Up to 1/2 Million Malware Detections
QUOTE: Our recent Data Security Wrap-up predicted we'd reach half-a-million malware detections by the end of the year. And in fact — we did reach 500K of detections during the last week of December. Quite the way to end 2007. So now we've had a bit of rest and are recharged for the year ahead. That's a good thing too because we predict that 2008 will be busier than ever.
F-Secure - IT Security Threat Summary for H2 2007
QUOTE: What previously took twenty years to accumulate — was now accumulated in just one year
At the start of 2007 — our number of malware detections equaled a quarter-million. At the end of 2007, the estimates are to be equal to half-a-million.
This graph from F-Secure illustrates how difficult 2007 was for the providers of AV protection: