So there’s a post over at F-Secure’s blog:
There’s a growing trend here. We’ve been saying for some time that the lack of large virus outbreaks is evidence that the malware environment could be getting worse, not better. The bad guys want to make money – not make attention. So as a malware author, if you want to target a few prominent companies for the purpose of industrial espionage, you design your exploit to attack them within and then lay low. Spoofed e-mails are sent to company insiders and they, thinking it’s just another document that they need to review, open it up and the backdoor gets installed.
So while I follow the logic, I have a question: If fewer outbreaks are evidence that things are getting worse, are more outbreaks evidence things are getting better? If not, is there any evidence possible of things getting better, or are they always getting worse?
[Update: Linked to the post. Sorry about that! F-Secure doesn’t have per-post archive pages, but the post is titled “Exploit Wednesday.”
Also, lacking deep insight, I don’t dispute what they’re seeing or saying. I’m simply asking if it were to be the case that things were getting better, what would the evidence look like?]