The Americas Region - Introduction | AMS Malicious Activity by Geography | AMS Attack Origin by Country | AMS Top Malicious Code Samples
AMS Top Malicious Code Samples
BackgroundThis metric assesses the top malicious code samples in the Americas region in 2011. Symantec analyses new and existing malicious code samples to determine which threats types and attack vectors are being employed in the most prevalent threats. This information also allows administrators and users to gain familiarity with threats that attackers may favor in their exploits. Insight into emerging threat development trends can help bolster security measures and mitigate future attacks.
MethodologyTo determine top malicious code samples, Symantec ranks each malicious code sample based on the volume of unique sources of potential infections observed during the reporting period.
Figure G.9: Top malicious code samples in Americas, 2011
- The W32.Downadup (aka Conficker) dominates in the Americas region: W32.Downadup.B was ranked in first position in the Americas region in 2011, accounting for 7.3% of potential infections in LAM and 4.5% in NAM.
- The Downadup family of malware was ranked in fourth position globally in 2011, despite losing momentum, when in 2010 it was ranked second-most malicious code family by volume of potential infections globally.
- Downadup propagates by exploiting vulnerabilities in order to copy itself to network shares. Downadup was estimated still to be on more than 3 million PCs worldwide at the end of 2011 , compared with approximately 5 million at the end of 2010.
- Interestingly, variants of Ramnit, which was the number one family of malware globally in 2011, did not feature strongly in the top-10 malware identified in the Americas region, and accounted for less than 1% of potential infections in NAM.
- W32.Sality.AE was ranked number one in LAM, but did not feature in the top-ten for NAM. Reported activity by this virus was the primary contributor to the Sality family being the second highest ranked malicious code family globally in 2011.
- Discovered in 2008, Sality.AE has been a prominent part of the threat landscape since then, including being the global top malicious code family identified by Symantec in 2010 and 2009.
- Sality may be particularly attractive to attackers because it uses polymorphic code that can hamper detection. Sality is also capable of disabling security services on affected computers. These two factors may lead to a higher rate of successful installations for attackers.