I remember that some time ago, a group of researchers used automatic generators to create a few tens of thousands of variants of some malware, just to do some testing of A/V engines. And I remember how all the A/V people were complaining how irresponsible that was bla bla bla, as now they would have to work after hours to fight all this new malware. What a BS!
For any given class of a bug (think: exploits), or a file infection method (think: viruses), or a system compromise technique (think: rootkits, stealth malware), one can come up with pretty much infinite number of examples that would be exploiting the specific bug, the specific file infection method, or the specific system compromise technique. One virus would display you a “Hello, you’re being 0wned, sir.” Message, while the other one would just flash your keyboard leds. Sure, two different beings, but if exploiting the same mechanisms, also the protection against them is the same.
But, I know, it looks so cool in the news to read: “The number of viruses, worms and trojans in circulation has topped the one million mark”. It’s most definitely a good way to scare all the housewives and make them to rush to the computer shop at the coroner to buy the brand new A/V product that already can detect 99.9% out of all those scary things out there.