X hits on this document

PDF document

Symantec enterpriSe Security - page 48 / 97

280 views

0 shares

0 downloads

0 comments

48 / 97

48

Symantec Global internet Security threat report

3,000,000

2,895,802

2,500,000

Number of new signatures

2,000,000

1,500,000

1,000,000

708,742

1,691,323

500,000

0

20,254

2002

19,159

74,981

113,081

167,069

2003

2004

2005

2006

Period

2007

2008

2009

Figure 10. New malicious code signatures Source: Symantec.

the number of new malicious code signatures has shown significant growth by more than doubling on a year-to-year basis between 2006 and 2008. new signature creation in 2009 continued the upward trend and resulted in a near doubling of the total number of signatures. the previous Symantec Global Internet Security Threat Report noted that malicious code being developed for the underground economy is increasingly well organized and professional.123 this trend is likely continuing to drive the creation of malicious software because of the lucrative nature of online fraud.

the slight decline in the rate of growth should not discount the significant number of new signatures created in 2009. Signature-based detection is lagging behind the creation of malicious threats—something which makes newer antivirus technologies and techniques, such as behavioral-based detection, increasingly important. For example, of the threat instances that Symantec’s reputation-based techniques protected users from in 2009, approximately 57 percent corresponded to singletons. this finding is consistent with the overall observation that malicious code authors are creating unique threats using techniques such as packing, obfuscation, and server-side polymorphism. this trend suggests that security technologies that rely on signatures should be complemented with additional heuristics, behavioral monitoring techniques, and reputation-based security. Moreover, with the advent of malicious software toolkits (such as Zeus), relatively inexperienced users can quickly create targeted threats.124 For example, in 2009 an unnamed but targeted trojan successfully stole bank account credentials and was directly responsible for the theft of thousands of dollars.125

123 124 125

h t t p : / / e v a l . s y m a n t e c . c o m / m k t g i n f o / e n t e r p r i s e / w h i t e _ p a p e r s / b - w h i t e p a p e r _ i n t e r n e t _ s e c u r i t y _ t h r e a t _ r e p o r t _ x i v _ 0 4 - 2 0 0 9 . e n - u s . p d f : p . http://securitywatch.eweek.com/botnets/playing_god_zeus_diy_botnet_kit_evolves.html http://www.krebsonsecurity.com/2010/01/money-mules-helped-to-rob-w-va-bank/ 1 0

Document info
Document views280
Page views280
Page last viewedThu Dec 08 04:44:12 UTC 2016
Pages97
Paragraphs2532
Words45916

Comments