Although widespread virus outbreaks may be a thing of the past, the total amount of malicious software being written is on the rise, according to McAfee Inc.
On Tuesday, McAfee vendor added the 200,000th definition to its threat database, and the security vendor expects the total number of identified threats to double in another two years. McAfee’s antivirus products use these definitions as digital fingerprints to determine which software should not be allowed to run on a user’s PC.
After a bit of a lull in their efforts, virus writers have spent the past few years creating more of this software than ever before, said Jimmy Kuo, a research fellow with McAfee’s Avert Labs.
Between 1999 and 2002, when McAfee’s database held steady at around 50,000 definitions, but since then, the number of different worms and viruses being created has jumped, he said.
At the same time, the number of serious outbreaks has dropped dramatically. In 2004, McAfee counted 48 virus outbreaks of at least medium severity. In 2005, that number dropped to 12. This year there haven’t been any.
These trends reflect the growth and increasing professionalization of hacker culture that no longer seeks the fame that accompanies a worldwide virus outbreak. Instead of fame, hackers want money, Kuo said.
“There are now hackers for hire in spamming and phishing campaigns and they’re in it to work,” he said. “When you create a big incident… the police react and they go searching for you,” he added. “So the bad guys don’t create these incidents anymore.”
McAfee may be bragging that it has discovered a large number of virus definitions, but there’s a down side to all of this good work: sluggish computers.
There are now more antivirus signatures than there are files on a typical PC, according to Andrew Jaquith, a senior analyst at the Yankee Group. “Collectively the industry is creaking under the load of all of it,” he said.
With its 200,000 definitions, McAfee’s software is going to cause some trouble on some PCs, Kuo admitted. “For those companies that still have really old machines, they basically stop updating their dat [virus definition] files after a while,” he said. “If you run it on a 1998-style machine, it’s not going to run very well at all.”
But even if newer “behavior-based” antivirus techniques begin to take a front seat in identifying viruses, definitions will not go away because they serve an important role in cleaning up systems that have already been compromised, Kuo said. “In terms of preventing you might lean more upon behavior-based [techniques]” he said. “But after you’ve been hit by something you’re going to want to go to definitions.”
Kuo’s blog posting on the 200,000th virus definition can be found at this Web site.