
Symantec Enterprise Security - page 51 / 97


Symantec Global Internet Security Threat Report

Prevalence of malicious code types

Analyzing the prevalence of malicious code types provides insight into the general diversity of the threat landscape. Combined with the data from other metrics, this helps Symantec more accurately determine emerging trends in malicious code. During this reporting period, the overall volume of the top 50 potential malicious code infections doubled from 2008 to 2009; therefore, decreases in percentages do not likely indicate a year-over-year decline in potential infections. As in previous reporting periods, Trojans composed the highest percentage of the volume of the top 50 potential malicious code infections (figure 11), although the percentage dropped from 68 percent in 2008 to 56 percent in 2009.[138]

[Figure 11: bar chart comparing 2009 and 2008 for each type. Axis: percentage of top 50 by potential infections, 0 to 80. Bar labels: Trojan 56% and 68%; Worm 29% and 43%; Virus 19% and 32%; Back door 13% and 15%.]

Figure 11. Prevalence of malicious code types by potential infections
Source: Symantec

The previous two volumes of the Symantec Global Internet Security Threat Report discussed the possibility that attackers are gravitating toward the extensive use of a smaller number of more successful Trojans.[139] The Bredolab Trojan is a good example of this: its flexibility, style of downloading new threats, obfuscation, and polymorphism mechanisms together enable it to be easily customized for specific targets. Its success corroborates the hypothesis of attackers using smaller numbers of more successful Trojans more often.

The proportionate decline in Trojan activity observed in 2009 is also likely due to the rise in worm and virus activity. For example, the top malicious code sample causing potential infections in 2009 was the Sality.AE[140] virus. The main goal of Sality.AE is to download and install additional malicious software on a victim’s computer. The virus also prevents access to various security-related domains, stops security-related services, and deletes security-related files. The virus also infects .exe and .scr files on a victim’s local drive as well as on any writable network resource. It also spreads by copying itself to attached removable drives.

[138] Because malicious code samples may be comprised of multiple components that are each classified as different types, cumulative percentages discussed in this metric may exceed 100 percent.

[139] http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf and http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf

[140] http://www.symantec.com/security_response/writeup.jsp?docid=2008-042106-1847-99
