Polymorphism and You
Friday, May 8, 2009 at 4:20PM

Microsoft just released the "Microsoft Security Intelligence Report" for the time period of July-December 2008. This report is a monster, topping 180+ pages! It may take a while to read through, but there is a bunch of interesting data available for review.
I skimmed through the report and found myself slowing down around page 86 where Microsoft discusses the number of virus variants detected in the wild. In the second half of 2008 there were 95 million malicious samples detected by Microsoft security products. This means that.....
Hold on, did I just write 95 million malicious samples? That's 1/2 million a day. That is a *big* number.
There are 2 main reasons for this high number:
- Samples are counted for each infected file, even if the virus is the same
- Polymorphic viruses change with each infection thereby creating many variants
How are you protecting against this malware in your environment? If your answer is just "Endpoint Anti-Virus (signature based)" then you have a problem. Your A/V vendor could not possibly provide you with 1/2 million signature definitions a day (or even a tiny percentage of this). You wouldn't want it anyway, since your machine would stop functioning if it had to deal with such a large virus database.
However, there are ways to deal with polymorphic viruses. Most of the A/V vendors are extending their solutions beyond pure signature-based detection. Plus, there are other solutions that don't rely on signatures at all. If you are responsible for protecting corporate assets then make sure to educate yourself on the solutions available today.
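To make the point concrete, here is an added toy illustration (not from the original post, and using a constructed XOR "encoding" rather than any real malware): each polymorphic copy re-encodes the same invariant body with a different key, so a pure hash database needs one entry per copy it has seen, while a detector that emulates the decoder and matches the normalized body needs a single rule. The names, the stub layout and the encoding scheme are all assumptions made for the demonstration.

```python
import hashlib

# Constructed toy stand-ins; nothing here is real malware.
BODY = b"TOY-INVARIANT-BODY: the part of the sample that never changes between infections"
STUB = b"TOY-DECODER-STUB:"  # a polymorphic sample must carry its decoder in the clear
BODY_SIG = hashlib.sha256(BODY).hexdigest()  # one "signature" for the normalized body

def make_variant(key: int) -> bytes:
    """Toy model of one polymorphic copy: the same body XOR-encoded with a per-copy key (1..255)."""
    return STUB + bytes([key]) + bytes(b ^ key for b in BODY)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def exact_signatures_needed(n_variants: int) -> int:
    """Pure hash-based detection: how many distinct signatures are needed to cover n variants?"""
    return len({sha256_hex(make_variant(k)) for k in range(1, n_variants + 1)})

def normalize(sample: bytes) -> bytes:
    """Emulate the decoder: strip the stub, read the key, recover the invariant body.
    Files without the stub are returned unchanged."""
    if not sample.startswith(STUB) or len(sample) <= len(STUB):
        return sample
    key = sample[len(STUB)]
    return bytes(b ^ key for b in sample[len(STUB) + 1:])

def detect_exact(sample: bytes, sigdb: set) -> bool:
    """Signature-only detector: flags a file only if its exact hash is in the database."""
    return sha256_hex(sample) in sigdb

def detect_normalized(sample: bytes) -> bool:
    """Normalizing detector: one rule on the decoded body catches every variant."""
    return sha256_hex(normalize(sample)) == BODY_SIG

def variants_caught(n_variants: int, detector) -> int:
    """Count how many of n generated variants a detector flags."""
    return sum(detector(make_variant(k)) for k in range(1, n_variants + 1))

if __name__ == "__main__":
    n = 200
    # A signature DB built from the first 10 variants a vendor happened to see
    sigdb = {sha256_hex(make_variant(k)) for k in range(1, 11)}
    print("distinct exact hashes for", n, "variants:", exact_signatures_needed(n))
    print("caught by 10 exact hashes:", variants_caught(n, lambda s: detect_exact(s, sigdb)))
    print("caught by one normalized rule:", variants_caught(n, detect_normalized))
    print("benign file flagged:", detect_normalized(b"hello world"))
```

Real engines do this with emulation, generic unpacking and heuristics rather than a known XOR, but the scaling argument is the same: signatures grow with the number of copies, normalized detection grows with the number of families.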
Josh Huston
Reader Comments (1)
I met with these guys at VMWorld and they really impressed me with their knowledge of the ESX platform. We will be working together soon. Keep up the free lectures and chats guys, you know your stuff.