
Malicious Code Trends


Malicious Code Trends Introduction

Symantec collects malicious code information from its large global customer base through a series of opt-in, anonymous telemetry programs, including Norton Community Watch, Symantec Digital Immune System, and Symantec Scan and Deliver technologies. Well over 100 million clients, servers, and gateway systems actively contribute to these programs. New malicious code samples, as well as detection incidents from known malicious code types, are reported back to Symantec. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in malicious code activity in the threat landscape. Reported incidents are considered potential infections if an infection could have occurred in the absence of security software to detect and eliminate the threat.

Malicious code threats are classified into four main types—backdoors, viruses, worms, and Trojans:
  • Backdoors allow an attacker to remotely access compromised computers.
  • Trojans are malicious code that users unwittingly install onto their computers, most commonly through either opening email attachments or downloading from the Internet. Trojans are often downloaded and installed by other malicious code as well. Trojan horse programs differ from worms and viruses in that they do not propagate themselves.
  • Viruses propagate by infecting existing files on affected computers with malicious code.
  • Worms are malicious code threats that can replicate on infected computers or in a manner that facilitates them being copied to another computer (such as via USB storage devices).

Many malicious code threats have multiple features. For example, a backdoor is always categorized in conjunction with another malicious code feature. Typically, backdoors are also Trojans; however, many worms and viruses also incorporate backdoor functionality. In addition, many malicious code samples can be classified as both worm and virus due to the way they propagate. One reason for this is that threat developers try to enable malicious code with multiple propagation vectors in order to increase their odds of successfully compromising computers in attacks.

This discussion is based on malicious code samples detected by Symantec in 2010, with the following trends being analyzed:
  • Top malicious code families
  • Prevalence of malicious code features
  • Top malicious code samples by region
  • Threats to confidential information
  • Propagation mechanisms