Data from McAfee indicates 245 per cent growth in the number of malware being developed from 2006 to 2007, with a further 300 per cent growth projected from 2007 to 2008. And year to date, McAfee said the amount of malware generated has already surpassed 2006 and 2007 combined.
"Cyber crime has completely altered the landscape we're dealing with today," said Dave Marcus, director, security research and communications for McAfee Avert Labs. "All the malware we're seeing today is driven 100 per cent by money, and is designed to harvest information we're going to see sold on the underground."
Marcus said there's a fully developed underground system that has developed, almost a malware industry. One group discovers the vulnerabilities, another writes the code to exploit them, another spreads and distributes the code, then another gathers the results and sells them on the open market.
Most malware today is password-stealing trojans designed to steal usernames and passwords, usually banking information. Usually malware developers won't loot the accounts themselves, said Marcus, but rather sell the information to a third-party for a premium, a phenomenon known as credit card dumping.
Increasingly, said Marcus, social networking is being used to spread malware, and Web 2.0 is fast becoming a malware writer's best friend. Sites such as Facebook and MySpace are bring "used and abused," said Marcus, as a platform to send malware out into the wild.