Best I could tell from reading the report is that Panda Security counts each sample it gets as "new and different." Not sure what that means. Does that include samples created by a virus writer who ran it through a malware kit and made 300 variants that would be detected with already existing signatures? Did Panda have to write 25 million unique signatures last year? I'm not sure. but I doubt it.
What I am sure of is that these malware counts are as useless as they are meaningless. Here's what I wrote last summer, in the post mentioned above, on the topic:
Should these numbers raise your concern? Not really.
The bad guys are out there, and they're active. We know this. What these numbers show is how easy malcode is morphed. Malware authors have created ways to change their code, in fact, sometimes each time a page is refreshed new code is generated. Does it matter that it is "new" each time the page is reloaded? No. What matters is how vulnerable your systems and your users are to the types of attacks, or threats, coming at them.
These "malware" threats range from old school viruses, keystroke logging Trojans, and backdoors to new complex bots (which make it possible for infected systems to send spam or launch denial of service attacks); to modern redirectors that will send users to fraudulent Web sites regardless of what the user types in the URL bar, and downloaders that are used to plant any type of malware the attacker wishes on a user's system.
That was true in June, it was true (to a much smaller scale) in the 1990s, and it'll be true for probably as long as we're all breathing.
So, please, spare us the hype, and provide insight we can put to use.
However, the report, available here as a .PDF, did provide an interesting overview of attacks and malware in 2009, including social engineering trends and Web 2.0-based attacks, Trojans, and Conficker, and more politically motivated hacking.
Here are a number of predictions in the report:
More security will be provided through the cloud.
The "avalanche" of malware will continue.
More drive-by Web downloads, social engineering, and BlackHat SEO
Malware writers will have to adjust to Windows 7; they'll do so, but it will take a couple of years.
This year won't be the year of widespread mobile phone malware. Attacks aimed at OS X will edge up