Interesting data from Andreas Marx at AV-Test.org. This chart shows the growth of unique samples (by MD5) per year.
Year # of unique samples (MD5)
It’s worth noting that these numbers are also increasing because of variants — i.e. the same Trojan will be changed sometimes hourly or daily just to try and fool the scanners. So it’s not like there’s over 5 million unique pieces of malware. There are many that are variants of the same piece of malware.
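The gap between "unique by MD5" and "distinct malware" can be shown with a short added example (not from AV-Test or the original post). The samples are constructed pseudo-random byte strings, and byte n-gram Jaccard similarity is used here only as a simple stand-in for real family classification; the function names and the 0.6 threshold are assumptions.

```python
import hashlib

def make_base(seed: bytes, blocks: int = 16) -> bytes:
    """Constructed stand-in for a family's shared code: 512 pseudo-random bytes."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

def shingles(data: bytes, n: int = 4) -> set:
    """All overlapping n-byte windows of the sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: set, b: set) -> float:
    """Share of n-grams the two samples have in common."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def count_families(samples, threshold: float = 0.6) -> int:
    """Greedy clustering: a sample opens a new cluster only if it
    resembles no existing cluster representative."""
    reps = []
    for sample in samples:
        sh = shingles(sample)
        if not any(jaccard(rep, sh) >= threshold for rep in reps):
            reps.append(sh)
    return len(reps)

def summarize(samples):
    """Return (files seen, unique MD5s, similarity clusters)."""
    unique_md5 = {hashlib.md5(s).hexdigest() for s in samples}
    return len(samples), len(unique_md5), count_families(samples)

# Constructed sample set: each "variant" is a family base plus a small changed tail,
# which is enough to give it a brand-new MD5.
FAMILY_A, FAMILY_B = make_base(b"family-a"), make_base(b"family-b")
SAMPLES = [
    FAMILY_A + b"|cfg=a1",
    FAMILY_A + b"|cfg=a2",
    FAMILY_A + b"|cfg=a3",
    FAMILY_A + b"|cfg=a1",  # exact duplicate: the only case MD5 collapses
    FAMILY_B + b"|cfg=b1",
    FAMILY_B + b"|cfg=b2",
]

if __name__ == "__main__":
    files, hashes, families = summarize(SAMPLES)
    print(f"files={files} unique_md5={hashes} families={families}")
```
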
Nevertheless, this is a good representation of the staggering load of malware that anti-malware folks are under. Like most companies, we’re processing gigabytes of malware daily. Our automated systems like our Sandbox help; but in the end, manpower plays a key role in being ahead of the game. There’s the HUMINT aspect, like hunting down new malware and tracking IPs and locations of the bad guys; but also reverse engineering and specialized code and signatures created for difficult malware. And, there’s difficult coding needed to deal with rootkits and the like.
It’s why being a security company (especially in AV or antispyware) these days is a whole new game. No longer can a company compete with a few folks in the lab and a group of good programmers. They’re out there: little companies with small teams working on an antispyware or antivirus product, but it’s hopeless. A small platoon won’t win this war. You need a brigade.
Update: Just to make sure everyone understands, these numbers are not cumulative.