Monday, September 12, 2011

Fighting Targeted Malware: Why Signatures, Behaviour Blocking and White-listing are Not Enough

http://afitc.gunter.af.mil/2011Presentations/SeminarSessions/Symantec%20-%20Fighting%20Targeted%20Malware.pdf

I believe the presentation makes several good points, once you look beyond the "Hey! Check out Symantec's new reputation push" propaganda...
  •  Malware authors have switched tactics...
    • From: a mass distribution of relatively few threats (e.g. Storm)
    • To: a micro-distribution model (e.g. the average Vundo variant is pushed to only 18 Symantec users).
This micro-distribution model leads to low prevalence of malware (even more so for advanced targeted malware), which causes problems for standard blacklist / whitelist / signature-based and even reputation-based protection solutions.
