Every year a computer worm emerges to stalk the internet, each one seemingly bigger and badder than the last (see diagram). Although they seem to come from nowhere, every new bit of malware has a history. Sussing out the family resemblances could generate a faster response to future threats.
"Our vision is to have a database of the world's malware, which people can use to share insights," says Josh Saxe from Invincea Labs in Fairfax, Virginia. His firm's scheme is based on a novel method for classifying malware, the programs hackers use to steal passwords, send spam and carry out other nefarious activities.
Malware is produced at such an astonishing rate that security experts already have automated systems for classifying new strains. But many of these systems rely on analyses of malware code, which hackers can often disguise. The new approach focuses instead on the behaviour of the malware itself.