Signature-based Scanners Fail to Detect 88% of Gumblar Malware Assaults

Security company ScanSafe through its Global Threat Report for the second quarter of 2009 reports that e-threat attacks reached their zenith during Q2 2009, with 88% of the entire malware that it blocked were related to zero-day attacks.

It therefore follows that signature-based detection software was not able to spot a huge majority of threats. ScanSafe also states that a big percentage of signature failures were accounted for Gumblar attacks that were in their second stages of launch.

Mary Landesman, Senior Security Researcher at ScanSafe, said that given that standard antivirus software was not able to recognize the most dangerous malware of 2009, the incident should have raised alarm in the security industry, as reported by SCMagazine on August 13, 2009.

Landesman further said that the sophistication and elusive capability of the Gumblar attacks had quite effectively established a scope for future threats. According to the researcher, organizations should prepare themselves with an all-inclusive solution for web security, particularly a solution, which sufficiently safeguarded against increasing zero-day threats.

ScanSafe further observed that the percentage at which Web-based malicious programs increased was extremely high during Q2 2009, an astounding 36% since Q1 2009 that was largely because of Gumblar attacks, the highly advanced bulk compromises witnessed during 2009. However, 2008 recorded the largest ever Web-delivered malware, contributing 300% more than that of 2007. But 2009 was expected to contribute even more, about twice that amount, according to ScanSafe.

Additionally, the report further discovered that there was a steep hike in information stealing trojans during Q2 2009, with the percentage of attacks was as high as 37% in Q2 2009. Of these attacks, the maximum were from Backdoor trojans that stole data, manipulated registry entries as well as acquired total control over files and folders on a hijacked system.

Commenting on the point, Landesman stated that it was frightening to find such a significant incidence of information stealing trojans during Q2 2009, but not astonishing. She added that stolen data was greatly sought after and cyber criminals were encouraged to devise more and more advanced techniques to acquire it, as reported by EarthTimes on August 13, 2009.

Related article: Second Life Exploit Allows Hackers Steal Linden Currency from Avatars

» SPAMfighter News - 9/2/2009