Trend Micro's Rik Ferguson reports on Adware Spyware Detective

According to Ferguson, whilst the anti-malware industry is still working on agreeing standards for effective product testing, the criminals already know it's no longer all about the files.

"A few years ago, criminals figured out that traditional anti-malware solutions could be overcome by a surge in the volume of malicious files. If malware code could be rolled often enough, then by the time the security companies had a pattern file available it would already be out of date", he said.

"This realisation is responsible for the exponential growth in malware we have seen over the past three or so years, a growth that has put a serious dent in overall detection rates of file-centric security solutions", he added.

Ferguson went on to say that one of the services that has grown up around this explosion of variants is on-demand file scanning against multiple security vendors.

"Of course it was always going to happen, but the criminals have seen the industry's response to the threat of volume and their service offerings are evolving to cope", he said in his Countermeasures blog.

"Any decent security solution now will include detection for the threat as a whole, examining not only the malicious file, but the source email or the destination website or IP to get a holistic view", he added.

As a result of this, Ferguson argues that it is starting to become important for criminals to know not only when their file is being detected, but also when their web presence for distribution of 'Command & Control' systems gets blacklisted, and they need that information in real time.

"Enter AdwareSpywareDetective, a file scanning service that has been online since October of 2009", he said, noting that a colleague pointed out that the service has evolved since its launch.

Now, he says, not only do they offer file scanning by subscription, but they will also include domain, IP and URL scanning against sixteen different databases, including ZeuS Tracker, Malware Domain List, Spamhaus, Google Safe Browsing and Microsoft SmartScreen.

Interestingly, Infosecurity notes that the service has recently reported that it has made its 500,000th scan, using 27 vendor technologies and 16 domain, IP or web databases, and that it has received positive reviews from Cnet and Softpedia.


 
