Our security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.
*For continued protection, make sure that your Symantec subscription and/or license are up to date.
Threat Spotlight: Trojan.Zeroaccess
Trojan.Zeroaccess is a Trojan horse that uses an advanced rootkit to hide itself. It is often installed through drive-by-download attacks from sites hosting the Blackhole exploit kit. The Trojan can also create an encrypted, hidden file system, download more malware, and open a back door on the compromised computer.
The Trojan is called ZeroAccess because of a string in the kernel driver code that points to the original project folder, which is named ZeroAccess. It is also known as max++ because it creates a new kernel device object called __max++>.
With the rapid rise in the number of malware attacks, it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.
Use these recommendations to know what you must, should and can do to protect your endpoints from malware.
Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection.
White Paper Spotlight
W32.Qakbot is a worm that has been seen spreading through network shares, removable drives, and infected webpages, and it has been infecting computers since mid-2009. Its primary purpose is to steal online banking account information from compromised computers. The malware controllers use the stolen information to access client accounts within various financial service websites with the intent of moving currency to accounts from which they can withdraw funds.
There are several information-stealing Trojans found in cyberspace today. What makes Qakbot stand apart from most of the others is its sophistication and continuous evolution. The purpose of this white paper is to provide insight into the worm's capabilities.