ScanSafe: 58% of Malware Blocks were Zero-day Threats

According to ScanSafe, which recently released its Global Threat Report for Q1 2009, the highest percentage (58%) of Web-based malicious program blocks during the period were related to zero-day attacks.

ScanSafe also notes that ordinarily there was a 20% malware blocks related to zero-day attacks during Q1 2009, implying that organizations employing only signature-based scanning might have been extremely vulnerable to malicious programs during that time. Additionally, year 2008 was recorded to have the highest number of Web-based malicious programs, witnessing a 300% growth from 2007.

Further, 35% of malware prevented during Q1 2009 were a result of accessing compromised websites, said the report. In addition, 28% of Web-delivered malicious programs blocked during Q1 2009 used the information stealing Trojans.

Mary Landesman, Senior Security Researcher, ScanSafe, says that zero-day malicious programs are rising in number while signature-based scanners are failing to detect them at a mean rate of 20%. Therefore, it is imperative that real-time scanning be used to keep networks, employees and most significantly, data, safe from attacks, as reported by SCMagazine on May 7, 2009.

Landesman further adds that as malware are growing in number as well as in sophistication and no slowdown is expected in near future, it is now more important for organizations to have in place, all-inclusive web security software.

Moreover, the report notes that during Q1 2009, there was a surge of Trojan Zeus designed to steal banking information. The botnet from this Trojan is under the control of the Russian cyber criminals who used it to infiltrate Monster.com (an online job site). Earlier, it was involved in a $6 Million theft from commercial accounts on twenty European banks.

Commenting on this, Landesman stated that Zeus was a key example of the way cyber criminals were evolving more sophisticated techniques to commit theft of precious data and how they would keep on doing so in the future.

Meanwhile, before its outbreak during Q1 2009, it was believed that the Zeus botnet had infected approximately 100,000 PCs, and considering the level of activity from Zeus in 2009, the total number of PCs infected with the Trojan for this botnet, possibly has grown proportionately.

Related article: Scansafe Claims that Malware Grew by 35% in April

» SPAMfighter News - 5/12/2009