Malware
Definition:
Malicious [soft/hard]ware: anything intended to harm a computer through damage or theft.
Information from Phishing Exposed:
In 2003, the established concept of a single mega-virus changed. Agobot, followed by Sasser and Berbew, took a different tack:
Rather than one mega-worm like Nimda or Code Red, this software consisted of hundreds of variants, each slightly different. The goal was not to become a mega-worm but rather to infect a small group of systems—more specifically, client-side systems. This approach provided two key benefits to the malware authors:
■ Limited distribution, equaling limited detection
■ Rapid deployment
The former benefit took the effective position that as long as the malware is not widespread, the antivirus (AV) vendors would be less likely to detect it (AV vendors rate their risks based on the number of reports, not necessarily what kind of activity the malware performs). This, at minimum, prolongs the life of the virus before detection; thus the return on investment is quite sufficient. Secure Science was in possession of a version of Berbew that was not picked up by the major AV vendors for more than nine months.
The latter point, regarding deployment methods, is demonstrable by certain records regarding the Sasser virus. Nearly a hundred variants of Sasser were identified in less than three months. Each variant requires a different detection signature, and the rapid modification and deployment ensures that AV vendors will overtax their available resources, becoming less responsive to new strains. It will also ensure that some strains may never be detected.
Charter for Mal-aware.org & Malware:
Turning the tables on malware will be difficult, but it does not have to be a cat-and-mouse game. The AV industry has become a tired band-aid that has no real effect against malware that has clandestine intent. Intelligence gathering, network monitoring, reverse code engineering and awareness are the key to mitigating the risks of malware. With these components, one can recover stolen data, identify malware authors, and assist with their apprehension.