Malware to hit 1 million mark in days

Security vendor, F-Secure is days away from capturing its unprecedented one millionth piece of malware.

"Gone are the days where you had to worry about someone trying to rob your car or mug you in the streets. Thanks to the internet, we now have to worry about criminals that are far away."

This was the grave warning Chia Wing Fei, security response team manager at F-Secure’s Malaysian headquarters, gave to a room full of visiting journalists last week while confirming what so many users may not yet understand: "the fight [against cybercrime] has just begun."

“Today, we’re roughly at about 930, 000 catches," Fei said.

Describing the transformation, he said from 2005 onwards malware that was profit-orientated appeared, where people used malware to steal passwords and copy information off victim PCs.

“Then from 2006 we saw huge growth in malware reaching 250, 000 and in 2007 it got worse, it doubled. Just this year alone, after six months, we’re very close to doubling last year's figures - we are very close to the one million mark.

"That is kind of surprising, it’s more than we’ve ever seen,” said Fei.

It’s not just the rapidly growing volumes that's of concern -- it’s also the exuberant profits; the widely-available and simple to use malware-creating tools, and the fact that law-enforcement agencies are yet to enforce tough enough punishments.

Fei said new tools for creating malware are fully customisable and give the ability to DDos anyone including competitors.

“[And] the money is actually good. [Cyber-criminals] make millions from renting botnets and yet they don’t get caught. They could be doing it form Brazil but the victim is in Australia.

"Then when authorities want to get evidence for this type of crimes, it’s a huge challenge. How do you collect the information?” Fei aked.

According to F-Secure, since 2006 botnets remain the biggest problem PC users face today. Fei admitted that to this day, researchers are trying to figure out how to shut down a botnet system such as Storm, while stealth methods such as targeted attacks are on rise.

Targeted attacks are specially crafted to evade anti-virus software, Fei said. This has increased in the past six months and the motivation is not money, it’s information: corporate espionage.

Furthermore, websites that in the past were deemed safe, including news and finance or even government sites, are no longer considered trusted sites as the bad guys target IE vulnerabilities.

The fight has just begun and we're here to fight it, said Fei.

fsecurehitsmalwaremarkmillionsecuritythe