According to the German security company AV-Test, malware has exploded to unprecedented levels in the past five years. More troublingly, they anticipate seeing over 60 million new pieces of malicious software by the end of the 2013.
Andreas Marx, CEO of AV-Test, said that his company has been compiling malware samples since 1984. Their database had humble beginnings: Just 12 samples of malicious software. By 2003 there were over a million and nearly ten million by 2008. But by the beginning of this year, the number had jumped to 104,437,337 unique samples.
"The AV-Test database used to record current malware is now working flat out," said Marx. He went on to say that the system has already recorded "over 20 million samples of new malware between January and the beginning of May."
To put those numbers in context, AV-Test didn't reach 20 million new samples until August of last year. In 2011 and 2010, the company collected less than 20 million samples.
AV-Test says they expect to see five million new malware samples each month – about double the rate from last year. This works out to around 60 million new malware samples by the year's end.
In the face of the rising number of threats, Marx writes that the security industry is changing. "This dramatic development is also forcing the manufacturers of anti-virus software to adopt different strategies, for example whitelisting, an approach that has now been popular for a number of years."
Instead of simply checking files against blacklists of dangerous ones, security companies are finding it easier to simply record whitelists of harmless files.
Where's it all coming from?
"Malware is getting personal," Marx explained. "Instead of sending 100,000 users the identical malware sample, a malware writer generates 10,000 unique samples for 10 users each or even 100,000 completely unique samples."
By doing so, malware creators hope to sidestep security software by making the new malware just different enough to pass by unnoticed.
"In the majority of cases, the malware writers are using the same executable and then, it will automatically be encrypted, packed and scrambled in different ways," said Marx.
In the back and forth between the bad guys and security companies, attackers must constantly change their strategies if they hope to reach any ripe targets.
Perhaps 60 million new pieces of malware might just be the sign of a job well done, but nonetheless, it’s a scary number.