Symantec Global Internet Security Threat Report

New malicious code families

Symantec analyzes new malicious code families detected during each reporting period to determine which threat types and attack vectors are being employed in the most prevalent of the new threats. This information also allows administrators and users to gain familiarity with threats that attackers may favor in their exploits. Insight into emerging threat development trends can help bolster security measures and mitigate future attacks.

In 2009, there were six Trojans, three worms, and one virus in the top 10 new malicious code families detected (table 11). Two of the three worms include a back door component.[126] Volume XIII of the Symantec Global Internet Security Threat Report noted that the growing prevalence of Trojans is indicative of multistage attacks.[127] A multistage attack typically involves an initial compromise followed by the installation of an additional piece of malicious code, such as a Trojan that downloads and installs adware. As with 2008, in 2009 four of the top 10 new malicious code families downloaded additional threats (these multistage attacks are examined in detail in “Staged downloaders—multiple infections by type”). It should also be noted that, although Downadup was a major threat and received significant media attention, it was discovered in 2008 and is, therefore, not considered a new malicious code family for this reporting period.

| Rank | Sample | Type | Vectors | Impact |
|---|---|---|---|---|
| 1 | Induc | Virus | Delphi® files | Infects the Delphi compilation process to spread to all compiled Delphi files |
| 2 | Changeup | Worm | Mapped and removable drives | Downloads additional threats |
| 3 | Bredolab | Trojan | N/A | Downloads additional threats, including Trojan.Fakeavalert |
| 4 | Ergrun | Trojan | N/A | Downloads additional threats |
| 5 | Pilleuz | Worm, back door | File-sharing, instant messages, removable drives | Allows remote access |
| 6 | Mibling | Worm, back door | Instant messages | Allows remote access and lowers security settings |
| 7 | Kuaiput | Trojan | N/A | Downloads additional threats |
| 8 | Fostrem | Trojan | N/A | Downloads additional threats |
| 9 | Interrupdate | Trojan | N/A | Blocks security-related updates and sniffs network traffic |
| 10 | Swifi | Trojan | N/A | Exploits a vulnerability in Adobe Flash Player and may lower security settings |

Table 11. Top new malicious code families
Source: Symantec

126 Back door components allow attackers to remotely connect to a compromised computer, typically using a specialized application. Once connected, the attacker can perform numerous actions such as taking screenshots, changing configuration settings, and uploading, downloading, or deleting files.

127 http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf : p. 46
