You might find it hard to believe, but that’s the number of new unique malware samples we detect on average every day in the wild. During the second half of 2008, our products detected a total of nearly 95 million unique malicious files. The total number of distinct malware files we detect every day in the wild is even higher: 841 thousand unique files (that’s the daily average over 2H08); however, malware is often detected on consecutive days or even longer, so not all of those files are new. Half a million is the daily average of new unique samples detected every day during 2H08.

These numbers are huge. However, we need to remember that a couple of reasons contribute to this huge malware proliferation. Here are some of them:
The Microsoft Security Intelligence Report (SIR) Volume 6, which we released this month, includes more details. For example, here is the total number of unique samples we detected during the second half of 2008, broken down by category:

Quite expectedly, the most common malware samples are files that got infected by viruses, for the reason explained above. Yet the numbers for the other categories are high as well. Over 16 million unique trojans, 5.5 million malicious downloaders and droppers, and nearly a million unique exploit files were detected. Here’s the monthly trend:

Many of the trojans are used as part of rogue security software. In particular, we started removing the trojans with the MSRT in December, in addition to blocking them with our other products. These trojans use server-side polymorphism, and that explains the spike we see in the number of trojan samples in December. During that month, we detected nearly a million new unique samples of the Win32/FakeXPA trojans.

In contrast to malware, spyware and Potentially Unwanted Software usually do not use these tricks to evade detection, and their number of samples is comparatively low. Yet they still affect a large number of users. See the SIR and the following blog post for details.

Here are the malware families that had the highest number of samples in 2H08. First, two families of viruses show:

And then other malware families follow (some of them are viruses as well).

Overall, these numbers show that any attempt to block malware by maintaining lists of bad hashes is doomed to fail. Security vendors should focus on generic and heuristic signatures to maintain effective protection against malware proliferation. For more information, please see the “Trends in Sample Proliferation” section in the most recent SIR.

Joe Faulhaber & Ziv Mador
Microsoft Malware Protection Center
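
The closing argument about hash lists versus generic signatures, as an added example that is not from the original post or from Microsoft: constructed, inert byte strings stand in for server-side polymorphic builds of one family, and a SHA-256 blocklist is compared with a generic byte signature. The marker bytes, function names and wildcard pattern are assumptions made for illustration.

```python
import hashlib
import random
import re

# Constructed, inert marker bytes standing in for the code a family keeps
# across builds. These are assumptions for the demo, not real malware bytes.
CORE_HEAD, CORE_TAIL = b"INERT-DEMO-CORE\x00", b"\x00DISPATCH"

# Generic signature: the fixed bytes, with a 4-byte wildcard for the per-build key.
GENERIC_SIG = re.compile(
    re.escape(CORE_HEAD) + b".{4}" + re.escape(CORE_TAIL), re.DOTALL)

def rand_bytes(rng, n):
    return bytes(rng.randrange(256) for _ in range(n))

def make_variant(rng):
    """Simulate one server-side polymorphic build: fresh padding and key."""
    return (rand_bytes(rng, rng.randrange(16, 64)) + CORE_HEAD
            + rand_bytes(rng, 4) + CORE_TAIL
            + rand_bytes(rng, rng.randrange(16, 64)))

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def detection_rates(known, fresh, benign):
    """Return (hash hit rate, signature hit rate, signature false positives)."""
    blocklist = {sha256(s) for s in known}          # hashes of collected samples
    hash_hits = sum(sha256(s) in blocklist for s in fresh)
    sig_hits = sum(bool(GENERIC_SIG.search(s)) for s in fresh)
    false_pos = sum(bool(GENERIC_SIG.search(s)) for s in benign)
    return hash_hits / len(fresh), sig_hits / len(fresh), false_pos

def run_demo(seed=2008, n=1000):
    rng = random.Random(seed)
    known = [make_variant(rng) for _ in range(n)]   # samples already collected
    fresh = [make_variant(rng) for _ in range(n)]   # builds served afterwards
    benign = [rand_bytes(rng, 128) for _ in range(n)]
    return detection_rates(known, fresh, benign)

if __name__ == "__main__":
    h, s, fp = run_demo()
    print(f"hash blocklist: {h:.1%}  generic signature: {s:.1%}  false positives: {fp}")
```

The blocklist only ever matches files already collected, so its hit rate on later builds stays at zero however many hashes are added, while the single pattern covers every build that keeps the invariant bytes.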