Anti-Virus Firms Scrambling to Keep Up

By Brian Krebs, Staff Writer
Wednesday, March 19, 2008; 11:12 AM

The sheer volume and complexity of computer viruses being released on the Internet today has the anti-virus industry on the defensive, experts say, underscoring the need for consumers to avoid relying on anti-virus software alone to keep their home computers safe and secure.

Approximately 5.5 million malicious software programs were unleashed on the Web last year, according to AV Test Labs, a German company that measures how quickly and accurately anti-virus products detect the latest malicious software, also known as "malware." That volume, AV Test said, forced anti-virus firms to analyze between 15,000 and 20,000 new specimens each day -- more than four times the daily average the company found in 2006, and at least 15 times as many as it recorded in 2005. In the first two months of 2008 alone, AV Test found more than one million samples of malware spreading online.

"Back in 1990 we were seeing a handful of new viruses each week," said David Perry, global director of education for Trend Micro, an anti-virus company headquartered in Japan. "Now, we're having to analyze between 2,000 and 3,000 new viruses per hour."

This glut of malware is the result of a long-running digital arms race between security companies and criminals intent on stealing personal financial data from vulnerable computers and using networks of commandeered PCs for all manner of lucrative criminal enterprises -- from sending spam to hosting scam Web sites.

The rapid increase of viruses and other malware has forced the anti-virus industry to overhaul its traditional approach to writing its software, with the result that security products on the market today are far more powerful and sophisticated. But many observers say that despite all its new bells and whistles, the anti-virus industry as a whole continues to fall behind in identifying the very latest malicious software.

The challenge, security experts say, is that criminal groups responsible for manufacturing most of the malicious software in circulation today are reinvesting their illicit profits in research and recruiting talented computer programmers. A special emphasis is placed on creating malware that coexists peacefully with an infected computer system, doing its work quietly in the background.

"A lot of these [malware] shops are now hiring professionals and doing quality assurance work, things that generally make the job of the anti-virus researcher that much harder," said Randy Abrams, director of technical education at ESET, an anti-virus company based in Bratislava, Slovakia.

Nightmarish Arms Race

Spurred by enormous profits, organized criminals largely based outside of the United States and Western Europe are automating the creation and modification of new viruses, making it possible to churn out thousands of variations of the same viruses every few hours in a bid to stay a step ahead of the anti-virus firms.

Malware writers increasingly are taking steps to ensure that computers infected with their creations stay infected, according to security researchers. In years past, no matter how quickly an anti-virus product shipped updates to detect the most recent malware, most anti-virus software would eventually sound the alarm if a virus managed to slip past its initial defenses.

But more of today's cyber criminals are continuously updating the malware they have managed to install on victims' computers, replacing older malicious files with new ones in a bid to keep them hidden from the latest detection updates.

This strategy has had a profound impact on the daily operations of anti-virus companies. The industry has traditionally fought malware by maintaining large libraries of "signatures," short sequences of bytes pulled from known viruses and worms that serve as their digital fingerprints. Under this tried-and-true method, if the anti-virus software spots an exact match between a signature in its database and a segment of code in a file the user has downloaded or received by e-mail, it will alert the user that the program is malicious and attempt to block it from gaining a foothold on the system. The weakness of the method is the flip side of its precision: a signature matches only the bytes it was cut from, so a specimen altered by even a single byte in that region is, to the scanner, a new and unknown file.

But the large volume of malware that anti-virus firms are processing each day has made it virtually impossible for those companies to create individual signatures for each new specimen. Instead, the anti-virus firms have been forced to invest heavily in methods and technologies for automating new malware analysis.
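As an added illustration, not code from the article or from any anti-virus product, the toy Python scanner below implements the exact-substring signature matching described above, then subjects it to the automated variant generation described under "Nightmarish Arms Race", and finally shows the kind of generic decode-then-match check that automated analysis is meant to produce in place of one signature per specimen. The decoder-stub bytes, the payload text, the benign file, the sample and signature names, and the 255-key "repacker" are all constructed for this demo; nothing here is real malware or a real vendor signature.

```python
# Added example, not code from the article or from any anti-virus vendor.
# A toy signature scanner showing why one exact signature per specimen stops
# scaling once variants are generated automatically, and the kind of generic
# (decode-then-match) check that automated analysis is meant to produce.
# Every byte string, stub and signature name below is constructed for this
# demo; nothing here is real malware or a real product signature.
from __future__ import annotations

STUB = b"\xeb\x0c"  # hypothetical constant decoder-stub prefix (constructed)
PAYLOAD = b"connect to c2.example.invalid then steal saved passwords"  # constructed payload text
BENIGN = b"Quarterly report: sales rose 4% and costs fell 2%."  # constructed harmless file


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (the toy packer; XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def build_variant(payload: bytes, key: int) -> bytes:
    """Toy variant generator: constant stub + key byte + XOR-encoded payload.

    Changing only the key yields a file whose body differs in every byte,
    which is how an automated repacker churns out thousands of variants."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 (0 would leave the payload unencoded)")
    return STUB + bytes([key]) + xor_bytes(payload, key)


def scan(data: bytes, signatures: dict[str, bytes]) -> list[str]:
    """Classic signature matching: report every signature found as an exact substring."""
    return sorted(name for name, sig in signatures.items() if sig in data)


def generic_scan(data: bytes, signatures: dict[str, bytes]) -> list[str]:
    """Generic detection: recognise the packer layout, undo it, then match the
    plaintext payload. One signature now covers every key the repacker can pick."""
    if not data.startswith(STUB) or len(data) < len(STUB) + 1:
        return []  # not packed with the toy stub, so there is nothing to undo
    key = data[len(STUB)]
    decoded = xor_bytes(data[len(STUB) + 1:], key)
    return scan(decoded, signatures)


def detection_rate(samples: list[bytes], scanner, signatures: dict[str, bytes]) -> float:
    """Fraction of samples the given scanner flags with the given signature set."""
    return sum(1 for s in samples if scanner(s, signatures)) / len(samples)


# The first specimen an analyst sees, and the exact-byte signature cut from it
# (16 bytes of its encoded body, the way a per-sample signature would be made).
SAMPLE_A = build_variant(PAYLOAD, 0x41)
EXACT_SIGS = {"Trojan.Toy.A": SAMPLE_A[len(STUB) + 1:len(STUB) + 17]}

# A generic signature written against the decoded payload instead.
GENERIC_SIGS = {"Trojan.Toy.gen": b"steal saved passwords"}

# 255 variants of the same payload, one per key: the automated-variant flood.
VARIANTS = [build_variant(PAYLOAD, k) for k in range(1, 256)]


if __name__ == "__main__":
    print("exact sig on sample A:    ", scan(SAMPLE_A, EXACT_SIGS))
    print("exact sig on variant 0x42:", scan(build_variant(PAYLOAD, 0x42), EXACT_SIGS))
    print("exact sig, all variants:   %.3f detected" % detection_rate(VARIANTS, scan, EXACT_SIGS))
    print("generic sig, all variants: %.3f detected" % detection_rate(VARIANTS, generic_scan, GENERIC_SIGS))
    print("benign file:", scan(BENIGN, EXACT_SIGS), generic_scan(BENIGN, GENERIC_SIGS))
```

The exact signature catches the one specimen it was cut from and none of the other 254 variants, which is the per-sample treadmill the article describes; the generic check catches all of them with a single signature because it is written against what the file does once unpacked rather than against the bytes of one packing. The cost, which the toy hides, is that the generic scanner must recognise and safely undo each packer, and real packers are far less cooperative than a two-byte stub and a one-byte XOR key.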


© 2008 The Washington Post Company