Oct 01 2009 | Saturation | Posted by Greg Hluska in Security
Two major security companies released some very interesting numbers today. Symantec published numbers which showed that 12.3% of the malware it detected in September 2009 was new. And Panda Security published a report which demonstrated (amongst other things) that world-wide malware infections were up 15% in September. Sounds like another gloomy day in the security world, hey?
Not necessarily. Symantec also published some very positive news. For example, the percentage of emails that are infected with malware actually dropped 0.09 percent in September. And the number of phishing emails dropped 0.11 percent.
So what does all of this mean? Malware numbers are rising and new malware is constantly being introduced. But, methods are changing - there was less email phishing and fewer email infections in September. Maybe malware has reached its peak and things are about to settle down. Or, maybe this is a horrible example of the power of mass media.
For years, security types have told people not to open up strange files that they get in emails. A few simple searches on Google return thousands upon thousands of pages that are devoted to this subject. Even newspapers have gotten in on the act, repeating that mantra in features on internet security. Over the last couple of years, the mantra has changed a little bit. Now, we are not supposed to open up strange files, or click on links that we get in emails. The marketing industry is based off of this dynamic - high enough saturation results in a change of attitudes, and a change in attitude more often than not changes behaviour.
If email users are no longer opening up strange files or clicking on links, it makes sense that cyber criminals are no longer trying to attack people with these methods. Makes sense, right?
But now let's look at the flipside of this argument. Media saturation is not always a good thing. For example, go through this blog's archives and see if you can spot a trend. How many weeks go by without at least one of my 'sky is falling' posts? If you go through all of my articles, the vast majority are negative - malware is on the rise, identity theft is on the rise, botnets are powerful, and on and on.
This wouldn't be so bad, except that I am not the only blogger who constantly talks about how much malicious software there is. And frankly, we write about this stuff because there is a demand for it - check out this graph from Google's amazing Insights for Search tool:
As you can see, search volumes for the term 'malware' have been rising steadily. People are clearly very concerned about malicious software. To fill this need, bloggers and mainstream media organizations are writing content about malicious software. Media saturation can change attitudes and attitudes are changing behaviour. But what happens when a person with a malicious mind is exposed to these sorts of messages?
What if opportunists with technical skills and an internet connection are reading these reports and deciding that they want in on the game? With all apologies to the Cranberries, 'if everyone else is doing it, why can't we'? Perhaps media saturation is normalizing malicious software. Perhaps there is so much coverage that people are becoming immune to the fact that writing and releasing malware is technically a crime.
This article is not meant to call anyone out, nor is it meant to insult any of the incredible researchers who have taught me so much while protecting so many. Best of luck, stay safe and have a wonderful weekend!

written by N Sharifimehr, October 08, 2009
written by Greg H., October 08, 2009
I have a question for you. What do you think would happen if there was as much awareness about how vulnerable the basic infrastructure is as there is about malicious software and phishing?




