50 million viruses and rising
Source: av-test.org

IT security lab AV-Test registered the 50 millionth new entry into its malware repository this morning at 5:06 GMT. The malware in question is a PDF file which exploits a security hole in Adobe Reader to infect Windows systems. It hasn't been given a name yet because it hasn't been fully identified. So far, only the heuristics of Authentium, Eset, F-Prot, Kaspersky and McAfee have issued a generic message such as: "HEUR:Exploit.Script.Generic". With other anti-virus programs, it can only be hoped that the behaviour recognition will kick in if the user does open the file.
This new item of malware confirms the trend that attackers trying to infect PCs no longer mainly use security holes in operating systems or browsers as their point of entry. Instead, malware authors are focussing on third-party applications. Apart from Adobe Reader, they particularly target Flash plug-ins and Java. If an obsolete version of one of these programs with known security holes is installed, the computer in question becomes easy prey. The H Update Check can be used to test whether the most important Windows programs have been updated to the current version.
The absolute figures are slightly misleading because they refer to what is called "unique samples". A file with a single changed bit is counted as a new sample even if the behaviour of the malware hasn't changed. As the smallest modifications are often enough to trick signature-based detection mechanisms, malware authors tend to literally swamp the net with variations which offer the same functionality.
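The counting effect described above, as an added example that is not from the article or from AV-Test: hashing counts every one-bit variant as a new "unique sample", while grouping by byte n-gram overlap collapses them. The sample bytes are constructed and benign; the Jaccard measure and the 0.8 threshold are assumptions chosen for illustration.

```python
import hashlib

# Constructed, benign byte strings standing in for collected files.
BASE = b"CONSTRUCTED BENIGN PLACEHOLDER " + bytes(range(256))
OTHER = b"constructed unrelated file " + bytes(range(255, -1, -1))

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two files' n-gram sets (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = ga | gb
    if not union:  # both inputs shorter than n bytes
        return 1.0 if a == b else 0.0
    return len(ga & gb) / len(union)

def count_unique_samples(samples) -> int:
    """Repository-style count: one entry per distinct file hash."""
    return len({sha256_hex(s) for s in samples})

def count_families(samples, threshold: float = 0.8) -> int:
    """Greedy grouping: a file joins the first representative it resembles."""
    representatives = []
    for s in samples:
        if not any(similarity(s, r) >= threshold for r in representatives):
            representatives.append(s)
    return len(representatives)

# One original, four single-bit variants of it, one unrelated file.
SAMPLES = [BASE] + [flip_bit(BASE, i) for i in (0, 100, 1000, 2000)] + [OTHER]

if __name__ == "__main__":
    print("unique samples by hash:", count_unique_samples(SAMPLES))
    print("groups by similarity:  ", count_families(SAMPLES))
    print("similarity after one flipped bit:",
          round(similarity(BASE, flip_bit(BASE, 0)), 3))
```
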
- 25 years of PC viruses and copy protection, a report from The H.