Malicious Code Trends
Symantec collects malicious code information from our large global customer base through a series of opt-in anonymous telemetry programs, including Norton Community Watch, Symantec Digital Immune System and Symantec Scan and Deliver technologies. Well over 133 million clients, servers and gateway systems actively contribute to these programs. New malicious code samples, as well as detection incidents from known malicious code types, are reported back to Symantec. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in malicious code activity in the threat landscape. Reported incidents are considered potential infections if an infection could have occurred in the absence of security software to detect and eliminate the threat.
Malicious code threats are classified into four main types — backdoors, viruses, worms, and Trojans:
- Backdoors allow an attacker to remotely access compromised computers.
- Viruses propagate by infecting existing files on affected computers with malicious code.
- Worms are malicious code threats that can replicate on infected computers or in a manner that facilitates them being copied to another computer (such as via USB storage devices).
- Trojans are malicious code that users unwittingly install onto their computers, most commonly through either opening email attachments or downloading from the Internet. Trojans are often downloaded and installed by other malicious code as well. Trojan horse programs differ from worms and viruses in that they do not propagate themselves.
Many malicious code threats have multiple features. For example, a backdoor will always be categorized in conjunction with another malicious code feature. Typically, backdoors are also Trojans; however, many worms and viruses also incorporate backdoor functionality. In addition, many malicious code samples can be classified as both worm and virus due to the way they propagate. One reason for this is that threat developers try to give malicious code multiple propagation vectors in order to increase their odds of successfully compromising computers in attacks.
The following malicious code trends are analyzed for 2011: