The total number of detections in the years prior to 2007: 250,000.
Total number at the end of 2007: 500,000.
In other words, it took just one year to double a number reached over a 20-year period.
F-Secure is quick to point out that most of the new malware detected were variants on past code: "Genuine innovation appears to be on the decline and is currently being replaced with volume and mass-produced kit malware."
However, there is not really much consolation or comfort in this. The research indicates that "while new techniques weren't developed—the existing techniques were refined and adapted for much greater effectiveness. There are some very dangerous faces in the big crowd."
As Wired observes: "That mighty morphing malware menace is one of many signs that individual fraud artists, organized crime and Eastern European hackers are transforming the face of online crime."
There are several serious implications, including the following:
- If you are responsible for securing corporate IT assets, get ready for an even more challenging year in 2008.
- If you use the Internet (and who doesn't?) you need to be more careful than ever.
- If you are a sovereign state and would like it to stay that way, you're going to have to do a better job of information infrastructure protection.
- If you are still tempted to poke around in computers that don't belong to you or try your hand at some harmless worm or virus code, STOP! One of these days a judge is going to throw the book at someone out of an understandable urge to make an example. You really don't want to be that someone.
Oh, and for the record, "harmless worm or virus" is an oxymoron. Anyone who thinks that he--and it is typically a 'he' that thinks this way--can write code that will behave predictably and benignly on every system out there hasn't done enough thinking.