Security Response

W32.Stuxnet is a worm that is currently spreading in the wild. This threat takes advantage of a previously unknown technique using .lnk files to spread through USB drives. The worm then drops a rootkit on any computers it successfully compromises.

For further information on this threat, see our W32.Stuxnet and W32.Stuxnet.lnk writeups, as well as our blog entry covering commonly asked questions about the threat. You can also read more about the Microsoft Windows Shortcut 'LNK'Files Automatic File Execution Vulnerability (BID 41732) as well.

With the rapid rise in the number of malware attacks it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.

Use these recommendations to know what you must, should and can do to protect your endpoints from malware.

Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection. Information available here.

Malware was once written mainly for fame and notoriety. However, it has now become a very profitable enterprise, backed by strong business modes. The pay-per-install distribution model is based on revenue sharing and commission. Malware authors do not have the resources or bandwidth to spread their malware on a large scale. Instead they rely on a network of affiliates, who distribute the malware, and in return get paid a commission for every install.

Download the full ‘Pay-Per-Install: The New Malware Distribution Network’ white paper.

View the full set of Symantec Security Response white papers.

The Symantec Internet Security Threat Report provides an annual overview and detailed analysis of Internet threat activity, malicious code, and known vulnerabilities. The report also discusses trends in phishing, spam and observed activities on underground economy servers.

The latest report highlights that: malicious activity continues to be pushed to emerging countries; targeted attacks on enterprises are increasing, with Web-based attacks continuing to be a favored attack vector; readily available malicious code kits are making it simple for neophyte attackers to mount attacks; and the online underground economy and malicious activity are benefiting from the downturn in the global economy.

For a review of the threat landscape in 2009, download your copy of Internet Security Threat Report XV.
For quarterly reports about what’s happening in 2010 visit the Symantec Intelligence Quarterly.