It seems like outbreaks of malware over the past year have increased significantly on Windows platforms, and so far there is no end in sight. If anything, these outbreaks will continue and become even more complex. Currently, I've been seeing malware get through several layers of security, including Symantec Endpoint Protection 11.6, Websense 7, and up-to-date Flash, Java, Adobe Reader, etc.
First, malware (and viruses) put a huge strain on IT resources. It takes only a few seconds for malware to corrupt a Windows user's profile folder or PC, but it can take hours to clean up, plus the research needed to find the source. Locating the source is nearly impossible without careful inspection of the user's activity and the resources accessed around the time the malware seemed to appear. Sometimes the malware will reside on the PC far in advance of the time it begins to actively show signs.
Not only does it take a good amount of IT resources to try to find the source of the malware, but also to prevent it on other PCs. Keeping Flash, Java, Adobe Reader, and Windows all up to date is nearly a full-time job. New versions of each product come out within weeks of each other, and they should be thoroughly tested for compatibility and then rolled out to PCs. This can take hours per week.
The top two malware forms that we've seen recently either hose the Windows profile, which prevents the user from running any programs, or fill the C drive with junk files until it is full and the PC slows to a complete crawl. Both are able to bypass all Windows XP and 7 security features, even though all users are running with limited (non-administrator) access.
I've talked with colleagues in IT, and they too are seeing the same activity and the same strain on IT resources. It's becoming more of a problem and a challenge for IT administrators. Locating a product to help eliminate this malware is also difficult, as no single product seems to work alone. A combination of products is more effective, but that too needs to be tested, because these products can conflict with each other.