Counting Malware
- Thursday, February 5, 2009, 6:29
- Threat Research
Malware continues to increase at a rapid rate. With the DAT-5516 release, scheduled for 4 February, the number of drivers in the DATs will pass 500,000. Half a million is a huge amount. I remember my first antivirus program, back in the ’80s, that had a count of about 80. I don’t recall the exact number, but it’s easy to place it into perspective. We add way more on a daily basis now.
However, our current count is not an absolute number of detected malware files; this can confuse many people. Drivers can be written very specifically, say one driver for one sample, but that’s not very effective. Most drivers are written to generically detect many samples. For example, one driver can detect 50 or as many as thousands of malware files. Therefore, the number of detected malware files is way higher then the half-million number reflected in the DATs. For another look at the complexity of counting malware detections, please see François Paget’s blog as well.
Initially VirusScan would focus just on true self-replicating viruses, mainly 8-bit (.com/.exe), MS-DOS viruses as well as boot viruses, which were prevalent then–and some still are today. Malware has evolved into many areas including, but not limited to, VBA, VBScript, JavaScript, 32-bit (pe-type .exe binaries) mass-mailers, 32-bit file infectors, mobile malware, adware and password stealers, and others. Nowadays the
Continue reading...