To infinity and beyond

SophosLabs has discovered a technique in anti-virus marketing, which we detect as Spin/BigNumber-P. Typical behaviour involves phrases such as “Product detects X viruses!”, where X is a large, rather exact-sounding number. Some variants involve high-tech numerical displays updated in real-time with ever growing numbers. This technique has been spotted in the wild.
Never one to be left out, SophosLabs would now like to publish the number of malicious files we detect:

Yes, that’s right: We currently detect an infinite number of malicious files. While that shouldn’t surprise those familiar with SophosLabs, let me explain.
Talking about a specific number in relation to total malicious file detections reveals a misunderstanding of how malware and malware detection operate. The vast majority of threats we see are polymorphic, meaning we see many variations of each threat. Some are modified by the malware authors, others are generated by server-side programs and others modify themselves as they spread. And then there are file infecting viruses, which potentially modify any clean file on a system into a malicious one. An infinite number of threats.
When a quick response is required, our analysts and automated systems can block a specific file. But the bulk of our protection comes from generic detection which looks for characteristics of known malware, rather than an exact match. Just (continue reading...)