On Sun, 16 May 2010 23:49:00 BST, lsi said: > Malware is flooding at 243% (+/- error). This is consuming the > oxygen in your machine.
The basic error in your analysis is that although there may in fact be 243% more malware samples, that doesn't translate into 243% more oxygen consumption. Consider a pizza cut into 8 pieces and somebody comes along and eats 6 of them. Now consider an identical pizza cut 16 ways and somebody eats 12 slices. The rate of slice consumption has doubled, but the actual amount of pizza consumed hasn't changed. Similarly, the fact there's (say) 5 million new malware samples doesn't mean there's 5 million new holes in Windows this year. What you have is 5 million new ways of poking the same 20 or 30 new holes. This makes it a lot easier for the A/V companies. Although they may have 37 different samples, there's a very good chance they were produced using a Metasploit-like mindset - "pick an exploit, add a payload, launch". And 37 samples that use the same exploit but have 37 different payloads need one detection rule (for the exploit), not 37.
pgpS5P6hT3cAt.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
