Majority of signature-based scanners missed Gumblar attacks

According to ScanSafe's quarterly Global Threat Report, the attacks were at their peak in the second quarter of 2009 when 88 per cent of ScanSafe malware blocks were zero-day threats.

This meant that the vast majority of attacks were not detected by signature-based scanners. ScanSafe claimed that the single largest contributor to the high rate of signature misses were the second-stage Gumblar attacks.

Mary Landesman, senior security researcher at ScanSafe, said: “The fact that the most serious threat of the year was not detectable by most standard anti-virus signatures should serve as yet another wake up call to the security community.

“The evasiveness and sophistication of the Gumblar threat has set quite a precedent for threats to come. Companies need to be prepared with a comprehensive web security solution – specifically, a solution that adequately protects against the increasing rate of zero-day threats.”

The report also found that the second quarter of 2009 demonstrated a sharp increase in data theft trojans, with the rate of encounters increasing by 37 per cent in the second quarter of 2009. The most prevalent of these encounters were with backdoor trojans, which can lead to data theft, registry manipulation, and full control of files on an infected system.

Landesman said: “It is alarming that the prevalence of data theft Trojans has increased so significantly this quarter, but not surprising. Stolen data is in high demand and in this economy cybercriminals are motivated to develop increasingly sophisticated tactics to obtain it.”


See original article on scmagazineuk.com