Security Response

W32.Waledac is a worm that spreads through email, drive-by downloads, and sometimes comes bundled with other threats. The worm joins a robust botnet, where it is usually used to send spam, reroute traffic, or download other risks on to the compromised computer.

Even though the primary purpose of the worm is profit-motivated, it also contains the ability to download plug-in modules, further expanding its functionality.

More information on W32.Waledac is available in the threat family writeup.

With the rapid rise in the number of malware attacks it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.

Use these recommendations to know what you must, should and can do to protect your endpoints from malware.

Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection. Information available here.

Malware was once written mainly for fame and notoriety. However, it has now become a very profitable enterprise, backed by strong business modes. The pay-per-install distribution model is based on revenue sharing and commission. Malware authors do not have the resources or bandwidth to spread their malware on a large scale. Instead they rely on a network of affiliates, who distribute the malware, and in return get paid a commission for every install.

Download the full ‘Pay-Per-Install: The New Malware Distribution Network’ white paper.

View the full set of Symantec Security Response white papers.

The Symantec Internet Security Threat Report provides an annual overview and detailed analysis of Internet threat activity, malicious code, and known vulnerabilities. The report also discusses trends in phishing, spam and observed activities on underground economy servers.

The latest report highlights that: malicious activity continues to be pushed to emerging countries; targeted attacks on enterprises are increasing, with Web-based attacks continuing to be a favored attack vector; readily available malicious code kits are making it simple for neophyte attackers to mount attacks; and the online underground economy and malicious activity are benefiting from the downturn in the global economy.

For a review of the threat landscape in 2009, download your copy of Internet Security Threat Report XV.
For quarterly reports about what’s happening in 2010 visit the Symantec Intelligence Quarterly.