Case Study: The Underground Economy of the Zeus Banking Trojan Horse

Research and Markets: Case Study: The Underground Economy of the Zeus Banking Trojan Horse

DUBLIN--(BUSINESS WIRE)--Research and Markets has announced the addition of the "Case Study: The Underground Economy of the Zeus Banking Trojan Horse" report to their offering.

“Case Study: The Underground Economy of the Zeus Banking Trojan Horse”

The banking Trojan horse ZeuS is one of todays biggest threats towards online banking. Being used to attack both companies and private individuals, this malware undergoes frequent mutations which demonstrate how technically innovative its author is.

Thanks to its technical nature and great flexibility, over the years ZeuS malware has become a major and long-term threat. First identified by researchers in 2006, this malware is a Trojan horse specialized in stealing banking credentials which directly attacks its victims web browser. The malware is also equipped with numerous high tech functions, including customer certificate theft, transparent redirection, on-the-fly rewriting of HTML pages and requested transactions, real-time notification of hackers, and complete take over of the infected machine. Identified in 2007 under the name of UpLevel, the author of ZeuS has surrounded itself with a close inner circle that is responsible for selling the malware. Numerous public versions are available at low prices or even free of charge. As these versions generally contain backdoors, they are reserved for amateur fraudsters, while private versions of ZeuS are sold for several thousands of dollars.

One group, included among the top ZeuS customers, operates a botnet comprising several tens of thousands of computers, specialized in stealing money via the ACH network in the United States.

The publisher's recommendation to banks is to adopt, if they haven't already done so, an authentication mechanism for online banking that is entirely multi-channel, meaning that no convergence point between the two channels exists. The web browsers used by banking customers must be considered first and foremost as a threat for online banking, and not merely as an opportunity to introduce new online services.

Key Topics Covered:

1 Introduction

2 An Expertise in Bank Data Theft

3 The Authors Multiple Faces

4 The Prevalence of ZeuS Infections

5 Analysis of ZeuS users

6 Analysis of ZeuS Targets

7 Risks Analysis

8 Recommendations

For more information visit http://www.researchandmarkets.com/research/685fb7/case_study_the_un

Contacts

Research and Markets

Laura Wood, Senior Manager

press@researchandmarkets.com

U.S. Fax: 646-607-1907

Fax (outside U.S.): +353-1-481-1716

Permalink: http://www.businesswire.com/news/home/20100625005559/en/Research-Markets-Case-Study-Underground-Economy-Zeus

Related articles by Zemanta

• Man-in-the-Browser (MITB) Attacks Targeting Online Banks (pindebit.blogspot.com)


• Yet Another Reason Banks Should Call for the Mass Adoption of Peripheral Card Readers for Online Banking (pindebit.blogspot.com)


• Zeus Trojan is just one of many daily attacks, says Santander boss (computing.co.uk)


• Banking Tojans (infoseccynic.com)


• Bank Trojan Zeus Takes Direct Aim At Firefox Users (lockergnome.com)


• Almost all Fortune 500 companies show Zeus botnet activity (arstechnica.com)


• Millions Snared in Web Fraud in U.K. with 3.7 BILLION Phishing Emails (pindebit.blogspot.com)


• Featured Post: Banking's BIG Dilemma: How to Stop Cyberheists via Customer PCs (pindebit.blogspot.com)


• Twitter Attack Pushes Online Banking Trojan (pindebit.blogspot.com)

Watch the Latest Security News in 90 Seconds - Sophos "90 Second News"

Sophos June roundup – "90 Second News"

Don't just read the latest computer security news – watch it in 90 seconds!

Learn how Facebook 'clickjacking' actually works. Find out why Google is in the dogboxover vulnerability disclosure. See which companies had PR disasters sending out malware this month. And smile at the latest cybercrime busts in Spain.

Watch and enjoy:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Or listen to the podcast:

22 June 2010, duration 1:59 minutes, size 1.9MB

Posted on June 22nd, 2010 by Duck

Related articles by Zemanta

• Try not to laugh xD: Worm spreads via Facebook status messages (sophos.com)
• 95% say Facebook needs to do more to fight clickjacking worms, poll reveals (sophos.com)
• Sophos VP of Global Channels Christopher Doggett to Keynote 3rd Annual Channel Management Summit (eon.businesswire.com)
• WARNING: Facebook Clickjacking Attack Spreading Through 'Likes' (mashable.com)
• Clickjacking Facebook worm spreading fast (v3.co.uk)

Feature Story: Twitter Attack Pushes Online Banking Trojan

Security Watch is reporting on one of the many reasons Kapersky Labs is calling for "mass adoption" of peripheral card readers for all Internet Banking users...browsers are just too dangerous and thus, simply put, websites cannot be trusted.

Twitter Attack Pushes Banking Trojan

Tripe DES DUKPT End to End Encryption vs. Typing sensitive data into a box in a browser Attackers are targeting Twitter users with a Trojan stealing online banking credentials, according to researchers. "The initial Trojan is downloaded to the victim machine by a malicious Java archive file," explained Dmitry Bestuzhev of Kaspersky Lab. "It has several malicious features, for example: spreading through USB devices; it disables Windows task manager, the regedit application and also notifications from Windows Security Center. Also it creates a copy of itself in the system with the name of Live Messenger. The criminals even included an anti-virtualization feature. The worm checks if the hard drive of infected system is virtualized or not. If found to be in a virtual system, the malicious code won't be executed." The malicious links being tweeted out come with the message "haha this is the funniest video ive EVER SEEN!" Researchers at F-Secure noticed the attack as well, and said the links in the tweets point to a page under pc-tv.tv. "This malware is very harmful since credit cards and online banking credentials are in the game," Bestuzhev blogged. "Please, be really careful especially with trend topics (searches) since in many cases they are being used by criminals."

Posted by Brian Prince on May 20, 2010 8:29 PM

Feature Story: Twitter Attack Pushes Online Banking Trojan

Security Watch is reporting on one of the many reasons Kapersky Labs is calling for "mass adoption" of peripheral card readers for all Internet Banking users...browsers are just too dangerous and thus, simply put, websites cannot be trusted.

Twitter Attack Pushes Banking Trojan

Tripe DES DUKPT End to End Encryption vs. Typing sensitive data into a box in a browser Attackers are targeting Twitter users with a Trojan stealing online banking credentials, according to researchers. "The initial Trojan is downloaded to the victim machine by a malicious Java archive file," explained Dmitry Bestuzhev of Kaspersky Lab. "It has several malicious features, for example: spreading through USB devices; it disables Windows task manager, the regedit application and also notifications from Windows Security Center. Also it creates a copy of itself in the system with the name of Live Messenger. The criminals even included an anti-virtualization feature. The worm checks if the hard drive of infected system is virtualized or not. If found to be in a virtual system, the malicious code won't be executed." The malicious links being tweeted out come with the message "haha this is the funniest video ive EVER SEEN!" Researchers at F-Secure noticed the attack as well, and said the links in the tweets point to a page under pc-tv.tv. "This malware is very harmful since credit cards and online banking credentials are in the game," Bestuzhev blogged. "Please, be really careful especially with trend topics (searches) since in many cases they are being used by criminals."

Posted by Brian Prince on May 20, 2010 8:29 PM

Trusteer Takes Top Honor at 2010 SC Awards, Europe

Rappport Heralded as Leading Solution for Securing Browser Communication from Keyboard to Website



LONDON--(BUSINESS WIRE)--Trusteer, the market’s leading provider of secure browsing services, today announced that it has been named “Best Secure Transactions Solution” in the 2010 SC Awards Europe competition. Trusteer took top honors for Rapport, a lightweight browser solution supported by 24x7 security analysis and reporting services

“For more than 30 years, SC Magazine has held one of the most prestigious and coveted awards in the European information security industry. These awards honor professionals working to secure enterprises and the vendor and channel communities that deliver the most innovative security technologies. For 2010, the judges have declared that Rapport is the best of the best when it comes to securing transactions.

“As the volume and frequency of online transactions continues to grow – unfortunately – so does the sophistication of malware designed to disrupt these transactions,” said Mickey Boodaei, CEO of Trusteer. “Rapport goes above and beyond what traditional security products can accomplish. Unlike solutions which rely on strong authentication, transaction verification and transaction monitoring, Rapport actually protects the data itself – securing Web sessions from start to finish. We’re honored that the industry experts at SC Magazine have chosen to recognize Trusteer for our vision and market leadership.”



Rapport is specifically designed to block financial malware on a machine from hijacking Web browser sessions and transactions, stealing sensitive data such as account credentials and using them to commit online fraud. It creates a vault around data entered and presented in the browser, maintains a tunnel for safe communication with the destination Web site and prevents redirection to look-alike Web sites. The end result for website users is a dramatic reduction in fraud and improved confidence in Web banking, while Rapport provides comprehensive fraud fighting intelligence to financial institutions.



Rapport includes a lightweight browser security solution and cloud-based analysis and reporting services. It is offered for download by online businesses such as banks and also to individuals via Trusteer’s Web site. The solution can be installed in-flow when a customer visits the online business Web site. This one-time process takes only a few seconds.



Award winners were notified at a special ceremony hosted by SC Magazine on Tuesday, April 27 at the Wyndham Grand London, Chelsea Harbour. For more information on the awards and ceremony, please visit http://www.scawardseurope.com/homepage.html



About SC Magazine



SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand’s portfolio includes the SC Awards, SC Directory, SC Magazine Newswire and SC Magazine IT Security Executives Forums.



About Trusteer



Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables online businesses to secure communications with their customers and employees over the Internet and protect data against malware and fraudulent websites. It locks down the browser to secure browser communication and prevents zero-day malware and phishing attacks. Trusteer Flashlight allows organizations to remotely, effectively, and instantly investigate malware-related fraud incidents. Trusteer’s solutions are used by more than 60 leading financial organizations in North America and Europe and by more than 6 million end-users. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.

Trusteer Takes Top Honor at 2010 SC Awards, Europe

Rappport Heralded as Leading Solution for Securing Browser Communication from Keyboard to Website



LONDON--(BUSINESS WIRE)--Trusteer, the market’s leading provider of secure browsing services, today announced that it has been named “Best Secure Transactions Solution” in the 2010 SC Awards Europe competition. Trusteer took top honors for Rapport, a lightweight browser solution supported by 24x7 security analysis and reporting services

“For more than 30 years, SC Magazine has held one of the most prestigious and coveted awards in the European information security industry. These awards honor professionals working to secure enterprises and the vendor and channel communities that deliver the most innovative security technologies. For 2010, the judges have declared that Rapport is the best of the best when it comes to securing transactions.

“As the volume and frequency of online transactions continues to grow – unfortunately – so does the sophistication of malware designed to disrupt these transactions,” said Mickey Boodaei, CEO of Trusteer. “Rapport goes above and beyond what traditional security products can accomplish. Unlike solutions which rely on strong authentication, transaction verification and transaction monitoring, Rapport actually protects the data itself – securing Web sessions from start to finish. We’re honored that the industry experts at SC Magazine have chosen to recognize Trusteer for our vision and market leadership.”



Rapport is specifically designed to block financial malware on a machine from hijacking Web browser sessions and transactions, stealing sensitive data such as account credentials and using them to commit online fraud. It creates a vault around data entered and presented in the browser, maintains a tunnel for safe communication with the destination Web site and prevents redirection to look-alike Web sites. The end result for website users is a dramatic reduction in fraud and improved confidence in Web banking, while Rapport provides comprehensive fraud fighting intelligence to financial institutions.



Rapport includes a lightweight browser security solution and cloud-based analysis and reporting services. It is offered for download by online businesses such as banks and also to individuals via Trusteer’s Web site. The solution can be installed in-flow when a customer visits the online business Web site. This one-time process takes only a few seconds.



Award winners were notified at a special ceremony hosted by SC Magazine on Tuesday, April 27 at the Wyndham Grand London, Chelsea Harbour. For more information on the awards and ceremony, please visit http://www.scawardseurope.com/homepage.html



About SC Magazine



SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand’s portfolio includes the SC Awards, SC Directory, SC Magazine Newswire and SC Magazine IT Security Executives Forums.



About Trusteer



Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables online businesses to secure communications with their customers and employees over the Internet and protect data against malware and fraudulent websites. It locks down the browser to secure browser communication and prevents zero-day malware and phishing attacks. Trusteer Flashlight allows organizations to remotely, effectively, and instantly investigate malware-related fraud incidents. Trusteer’s solutions are used by more than 60 leading financial organizations in North America and Europe and by more than 6 million end-users. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.

Trusteer Detects Rapid Spread of New Polymorphic Version of Zeus Online Banking Trojan

Completely Redesigned Malware Now Targets Firefox Browsers and has Already Infected One in Every 3,000 Computers

NEW YORK--(BUSINESS WIRE)--Trusteer, the leading provider of secure browsing services, today announced that a completely new version of the Zeus (Zbot) password stealing Trojan that targets online banking users has already been detected by the Trusteer Rapport service on one in every 3,000 computers it monitors.



This is an unprecedented rate of distribution for new financial malware code. Version 1.4 of Zeus, also known as version 2, now targets Firefox as well as Internet Explorer browsers and uses advanced polymorphic techniques to avoid antivirus detection.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before”

Trusteer used its Flashlight remote fraud investigation and mitigation service to link Zeus 1.4 with fraud committed against both commercial and consumer banking customers in North America and the United Kingdom. Flashlight was able to collect new Zeus configurations and code samples from infected computers. This new version of Zeus is completely different than versions 1.2 and 1.3.

The Internet’s Leading Banking Trojan

Zeus is considered the most trusted and robust malware platform for online banking fraud, and has been licensed by numerous criminal organizations to launch targeted attacks against a specific bank's customers. he new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer. Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication. However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Fortunately, the Trusteer Flashlight and Rapport services have enabled us to detect the rapid distribution of Zeus 1.4 early and alert financial institutions. We are recommending they maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation, and response tools in place.”

Poor Antivirus Detection Rates

Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today. It infects PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.

Antivirus detection of Zeus has a poor track record. In a 2009 report based on information gathered from 3 million desktops in North America and the UK Trusteer found that the majority of Zeus infections occur on antivirus protected machines. Specifically, Trusteer found that among Zeus infected machines 55% had up-to-date antivirus protection installed. The population of machines infected with older versions of Zeus is enormous -- one in every 100 computers according to Trusteer research. Zeus 1.4 was specifically crafted to avoid antivirus detection and uses advanced polymorphic techniques, which make antivirus technologies completely blind to it.

About Trusteer

Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables online businesses to secure communications with their customers and employees over the Internet and protect data against malware and fraudulent websites. It locks down the browser to secure browser communication and prevents zero-day malware and phishing attacks. Trusteer Flashlight allows organizations to remotely, effectively, and instantly investigate malware-related fraud incidents. Trusteer’s solutions are used by more than 50 leading financial organizations in North America and Europe and by more than 6 million end-users. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.

Contacts

North America:

Marc Gendron PR

Marc Gendron, 781-237-0341

marc@mgpr.net

or

United Kingdon:

Eskenzi PR Ltd.

Neil Stinchcombe, +44 20 71 832 833

neil@eskenzipr.com

Permalink: http://www.businesswire.com/news/home/20100421005587/en/Trusteer-Detects-Rapid-Spread-Polymorphic-Version-Zeus

Trusteer Detects Rapid Spread of New Polymorphic Version of Zeus Online Banking Trojan

Completely Redesigned Malware Now Targets Firefox Browsers and has Already Infected One in Every 3,000 Computers

NEW YORK--(BUSINESS WIRE)--Trusteer, the leading provider of secure browsing services, today announced that a completely new version of the Zeus (Zbot) password stealing Trojan that targets online banking users has already been detected by the Trusteer Rapport service on one in every 3,000 computers it monitors.



This is an unprecedented rate of distribution for new financial malware code. Version 1.4 of Zeus, also known as version 2, now targets Firefox as well as Internet Explorer browsers and uses advanced polymorphic techniques to avoid antivirus detection.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before”

Trusteer used its Flashlight remote fraud investigation and mitigation service to link Zeus 1.4 with fraud committed against both commercial and consumer banking customers in North America and the United Kingdom. Flashlight was able to collect new Zeus configurations and code samples from infected computers. This new version of Zeus is completely different than versions 1.2 and 1.3.

The Internet’s Leading Banking Trojan

Zeus is considered the most trusted and robust malware platform for online banking fraud, and has been licensed by numerous criminal organizations to launch targeted attacks against a specific bank's customers. he new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer. Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication. However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Fortunately, the Trusteer Flashlight and Rapport services have enabled us to detect the rapid distribution of Zeus 1.4 early and alert financial institutions. We are recommending they maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation, and response tools in place.”

Poor Antivirus Detection Rates

Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today. It infects PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.

Antivirus detection of Zeus has a poor track record. In a 2009 report based on information gathered from 3 million desktops in North America and the UK Trusteer found that the majority of Zeus infections occur on antivirus protected machines. Specifically, Trusteer found that among Zeus infected machines 55% had up-to-date antivirus protection installed. The population of machines infected with older versions of Zeus is enormous -- one in every 100 computers according to Trusteer research. Zeus 1.4 was specifically crafted to avoid antivirus detection and uses advanced polymorphic techniques, which make antivirus technologies completely blind to it.

About Trusteer

Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables online businesses to secure communications with their customers and employees over the Internet and protect data against malware and fraudulent websites. It locks down the browser to secure browser communication and prevents zero-day malware and phishing attacks. Trusteer Flashlight allows organizations to remotely, effectively, and instantly investigate malware-related fraud incidents. Trusteer’s solutions are used by more than 50 leading financial organizations in North America and Europe and by more than 6 million end-users. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.

Contacts

North America:

Marc Gendron PR

Marc Gendron, 781-237-0341

marc@mgpr.net

or

United Kingdon:

Eskenzi PR Ltd.

Neil Stinchcombe, +44 20 71 832 833

neil@eskenzipr.com

Permalink: http://www.businesswire.com/news/home/20100421005587/en/Trusteer-Detects-Rapid-Spread-Polymorphic-Version-Zeus

Cybercrime's Financial and Geographic Growth Shows No Slowdown During the Global Economic Crisis

  

Symantec Blocks an Average of 100 Potential Attacks per Second in 2009



MOUNTAIN VIEW, CA--(Marketwire - April 20, 2010) -  Symantec Corp. (NASDAQ: SYMC) today released its new Internet Security Threat Report volume XV, which highlights key trends in cybercrime from Jan. 1, 2009 to Dec. 31, 2009. In a year bookended by two very prominent Cyber attacks -- Conficker in the opening months of the year and Hydraq at the very end -- Symantec's Internet Security Threat Report reveals continued growth in both the volume and sophistication of cybercrime attacks.

"Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world's largest corporations and government entities," said Stephen Trilling, senior vice president, Security Technology and Response, Symantec. "The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments."

Notable trends highlighted in this year's report include:

• An increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property (IP), cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesize socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.


• Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.


• Web-based attacks continued to grow unabated. Today's attackers leverage social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim's Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.


• Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

Other ISTR Highlights:

• Malicious code is more rampant than ever. In 2009, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. 


• Top threats. The Sality.AE virus, the Brisv Trojan and the SillyFDC worm were the threats most frequently blocked by Symantec security software in 2009.


• Downadup (Conficker) still very prevalent. It was estimated that Downadup was on more than 6.5 million PCs worldwide at the end of 2009. Thus far, machines still infected with Downadup/Conficker have not been utilized for any significant criminal activity, but the threat remains a viable one.


• Compromised identity information continues to grow. Sixty percent of all data breaches that exposed identities were the result of hacking. In a sign that this issue is not limited to a few larger enterprises, the Symantec State of Enterprise Security Report 2010reported that 75 percent of enterprises surveyed experienced some form of cyber attack in 2009.


• Another turbulent year for spam. In 2009, spam made up 88 percent of all e-mail observed by Symantec, with a high of 90.4 percent in May and a low of 73.7 percent in February. Of the 107 billion spam messages distributed globally per day on average, 85 percent were from botnets. The 10 major bot networks, including Cutwail, Rustock andMega-D now control at least 5 million compromised computers. Throughout 2009, Symantec saw botnet infected computers being advertised in the underground economy for as little as 3 cents per computer.


• Applying security patches continues to be a challenge for many users. The report found that maintaining a secure, patched system became more challenging than ever in 2009. Moreover, many users are failing to patch even very old vulnerabilities. For example, the Microsoft Internet Explorer ADODB.Stream Object File Installation Weaknesswas published on August 23, 2003, and fixes have been available since July 2, 2004, yet it was the second-most attacked Web-based vulnerability in 2009.

Click to Tweet

• In 2009, Symantec blocks an average of 100 potential attacks per second_http://bit.ly/b6sp23 


• Symantec releases new Threat Report: Cybercrime's Growth Shows No Slowdown during Economic Crisis_http://bit.ly/b6sp23


• Growth in threats focused on enterprises. Symantec finds attackers use personal info found on social sites_http://bit.ly/b6sp23


• Toolkits make cybercrime easier than ever for unskilled cybercriminals to compromise PCs and steal info_http://bit.ly/b6sp23


• Today's attackers use social engineering techniques to lure users to malicious websites_http://bit.ly/b6sp23


• Dramatic growth in attacks targeted at PDF viewers, accounting for 49 percent of Web-based attacks in 2009_http://bit.ly/b6sp23


• Malicious activity takes root in countries w/ emerging broadband infrastructure_http://bit.ly/b6sp23

Connect with Symantec

• Symantec Security Response on Twitter


• Symantec on Facebook

Resources

• Symantec Internet Security Threat Report XV Microsite


• Threat Landscape Overview on Slide Share


• Symantec Security Response Blog


• Industry Resources at Delicious.com


• 2010 State of Enterprise Security Report


• 2010 State of Enterprise Security on SlideShare

About the Symantec Internet Security Threat ReportThe Internet Security Threat Report is derived from data collected by tens of millions of Internet sensors, first-hand research, and active monitoring of hacker communications, and it provides a global view of the state of Internet Security. The study period for the Internet Security Threat Report XV covers January 2009 to December 2009.

About Security Technology and ResponseThe Symantec Internet Security Threat Report is created by the Security Technology and Response (STAR) organization. STAR, which includes Security Response, is a worldwide team of security engineers, threat analysts, and researchers that provides the underlying functionality, content, and support for all Symantec corporate and consumer security products. With Response centers located throughout the world, STAR monitors malicious code reports from more than 133 million systems across the Internet, received data from 240,000 network sensors in more than 200 countries, and tracks more than 35,000 vulnerabilities affecting more than 80,000 technologies from more than 11,000 vendors. The team uses this vast intelligence to develop and deliver the world's most comprehensive security protection.

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available atwww.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

CONTACT:

Yunsun Wee

Symantec Corp.

+1 (424) 750 7582

ywee@symantec.com 



Dominic Cook

Symantec Corp.

+44 (0) 118 943 6384

dominic_cook@symantec.com

Click here to see all recent news from this company