In association with heise online

15 January 2008, 09:18

Quantity of malware booms

Virus experts from AV-Test have examined the quantity of malware they have collected over the last few years. The shocking result – the count is rising rapidly. Last year they found more than five times as much new malware – almost five and a half million – as in 2006.


According to AV-Test's Andreas Marx, they counted the number of files with different 'fingerprints' (MD5 hashes). This includes malware which is packed using a different run-time packer or is differently encrypted. Since 2004 the level of growth has gone through the roof:

Year Malware discovered
2008 117480 (first 7 days only)
2007 5490960
2006 972606
2005 333425
2004 142321
2003 178825
2002 199049
2001 155528
2000 176329
1999 98428
1998 177615
1997 137716
1996 36816
1995 15988
1994 28613
1993 12287
1992 36822
1991 18384
1990 9044
1989 2604
1988 1738
1987 1389
1986 910
1985 564

The figures clearly demonstrate that the signature-based approach of current anti-virus software is no longer appropriate. In light of such figures, Eugene Kaspersky predicted at last year's CeBIT that anti-virus software vendors could lose the fight against virus producers. Anti-virus software vendors try to detect multiple malware variants with a single signature by means of generic detection, but such generic signatures are written by programmers, which takes time and is prone to error – in the last few days, avast and Gdata have had to contend with a false alarm for an essential system file caused by just such a signature.

One approach to a solution is 'behavioural blockers', which monitor the software running on a system and analyse and assess its behaviour. If sufficient examples of suspect behaviour – such as setting newly created files to autorun, keystroke recording or creation of connections to IRC servers – are observed, the analysed behaviour may exceed a set threshold, triggering a behavioural blocker alarm, which can terminate the potentially dangerous program and roll back any changes made.
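The threshold logic described above can be sketched as follows. This is an added example, not code from AV-Test or any anti-virus product; the event type names, weights, threshold and IRC port list are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Assumed weights, threshold and IRC ports; a real product would tune these.
WEIGHTS = {"autorun_new_file": 40, "keystroke_recording": 35, "irc_connection": 30}
THRESHOLD = 60
IRC_PORTS = set(range(6660, 6670)) | {6697}

def classify(ev, created, journal):
    """Map one raw event to a suspect behaviour (or None), journalling changes."""
    if ev["type"] == "file_create":
        created.add(ev["path"])
        journal.append(("delete_file", ev["path"]))
    elif ev["type"] == "autorun_set":
        journal.append(("remove_autorun", ev["path"]))
        if ev["path"] in created:  # only newly created files count
            return "autorun_new_file"
    elif ev["type"] == "keyboard_hook":
        return "keystroke_recording"
    elif ev["type"] == "connect" and ev["port"] in IRC_PORTS:
        return "irc_connection"
    return None

def run(events, threshold=THRESHOLD):
    """Score events per process; return one alarm per process over the threshold."""
    seen, created, journal = defaultdict(set), defaultdict(set), defaultdict(list)
    blocked, alarms = set(), []
    for ev in events:
        pid = ev["pid"]
        if pid in blocked:  # process already terminated
            continue
        behaviour = classify(ev, created[pid], journal[pid])
        if behaviour:
            seen[pid].add(behaviour)  # each behaviour is counted once per process
        score = sum(WEIGHTS[b] for b in seen[pid])
        if score >= threshold:
            blocked.add(pid)  # stands in for terminating the process
            alarms.append({"pid": pid, "score": score,
                           "rollback": journal[pid][::-1]})  # undo newest first
    return alarms

# Constructed sample events: pid 100 acts like an installer, pid 200 also joins IRC.
EVENTS = [
    {"pid": 100, "type": "file_create", "path": "C:\\App\\tool.exe"},
    {"pid": 100, "type": "autorun_set", "path": "C:\\App\\tool.exe"},
    {"pid": 200, "type": "file_create", "path": "C:\\Temp\\sample.exe"},
    {"pid": 200, "type": "autorun_set", "path": "C:\\Temp\\sample.exe"},
    {"pid": 100, "type": "connect", "port": 443},
    {"pid": 200, "type": "connect", "port": 6667},
]
```

With the assumed threshold of 60, the installer-like process stays below the alarm level because a single suspect behaviour is not enough; lowering the threshold to 40 flags it as well, which illustrates the false-alarm trade-off of tuning such a blocker.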

In the latest c't anti-virus software test, only a few anti-virus solutions included a behavioural blocker. Many vendors are currently working on such extensions to their anti-virus solutions.
