Symantec Global Internet Security Threat Report
Figure 10. New malicious code signatures (vertical axis: number of new signatures). Source: Symantec.
The number of new malicious code signatures has shown significant growth by more than doubling on a year-to-year basis between 2006 and 2008. New signature creation in 2009 continued the upward trend and resulted in a near doubling of the total number of signatures. The previous Symantec Global Internet Security Threat Report noted that malicious code being developed for the underground economy is increasingly well organized and professional.[123] This trend is likely continuing to drive the creation of malicious software because of the lucrative nature of online fraud.
The slight decline in the rate of growth should not discount the significant number of new signatures created in 2009. Signature-based detection is lagging behind the creation of malicious threats—something which makes newer antivirus technologies and techniques, such as behavioral-based detection, increasingly important. For example, of the threat instances that Symantec’s reputation-based techniques protected users from in 2009, approximately 57 percent corresponded to singletons. This finding is consistent with the overall observation that malicious code authors are creating unique threats using techniques such as packing, obfuscation, and server-side polymorphism. This trend suggests that security technologies that rely on signatures should be complemented with additional heuristics, behavioral monitoring techniques, and reputation-based security. Moreover, with the advent of malicious software toolkits (such as Zeus), relatively inexperienced users can quickly create targeted threats.[124] For example, in 2009 an unnamed but targeted Trojan successfully stole bank account credentials and was directly responsible for the theft of thousands of dollars.[125]
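The gap between signature matching and prevalence-based reputation described above can be seen on a small data set. The following is an added example, not code or data from the Symantec report: the telemetry is constructed, all names are hypothetical, and it assumes a "singleton" means a file hash observed on exactly one machine.

```python
import hashlib
from collections import defaultdict

def digest(data: bytes) -> str:
    """Exact-match signature used here: SHA-256 of the file bytes."""
    return hashlib.sha256(data).hexdigest()

def build_sightings():
    """Constructed telemetry: (machine_id, file_bytes) pairs, not real data."""
    s = [(f"pc{i:02d}", b"popular-app-1.0") for i in range(20)]    # widely deployed, benign
    s += [(f"pc{i:02d}", b"old-threat-static") for i in range(3)]  # sample that already has a signature
    # Stand-in for server-side polymorphism: each download has distinct bytes.
    s += [(f"pc{i:02d}", b"threat-core|" + bytes([i])) for i in range(4, 8)]
    s.append(("pc19", b"in-house-tool-build-7"))                   # rare but benign
    return s

def prevalence(sightings):
    """Map each file hash to the set of machines it was seen on."""
    seen = defaultdict(set)
    for machine, data in sightings:
        seen[digest(data)].add(machine)
    return seen

def signature_hits(sightings, signatures):
    """Sightings caught by an exact-hash signature set."""
    return [(m, d) for m, d in sightings if digest(d) in signatures]

def singleton_sightings(sightings):
    """Sightings whose hash appears on exactly one machine (assumed definition)."""
    seen = prevalence(sightings)
    return [(m, d) for m, d in sightings if len(seen[digest(d)]) == 1]

SIGHTINGS = build_sightings()
# Signatures exist only for samples collected earlier: the static threat and
# one polymorphic variant (index 0) that no machine in this data set received.
SIGNATURES = {digest(b"old-threat-static"), digest(b"threat-core|" + bytes([0]))}

if __name__ == "__main__":
    hits = signature_hits(SIGHTINGS, SIGNATURES)
    rare = singleton_sightings(SIGHTINGS)
    print("signature hits:", len(hits))   # only the static sample matches
    print("singletons:", len(rare))       # four unique variants plus one benign rare file
    for machine, data in rare:
        print(" ", machine, data[:12], digest(data)[:12])
```

The benign in-house tool also surfaces as a singleton, which is why low prevalence works as one signal to combine with heuristics and behavioral monitoring rather than as a verdict on its own.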
[123] http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf : p. 10
[124] http://securitywatch.eweek.com/botnets/playing_god_zeus_diy_botnet_kit_evolves.html
[125] http://www.krebsonsecurity.com/2010/01/money-mules-helped-to-rob-w-va-bank/