Since we launched our top threats statistics page on Metascan® Online, we've been monitoring the threats that appear there and analyzing the types of malware that are surfacing. Some of the trends we've seen have surprised us, so we wanted to share three of the most concerning.
1. Even older malware is not guaranteed to be detected by an individual antivirus
Much of the current hype around cyber security is focused on the latest outbreaks and zero-day attacks, and security companies are very focused on detecting the latest threats. But we need to be careful that this hype doesn't cause us to lose sight of older malware that is still being used in attacks. For example, the Swrort Trojan has been around for a long time (since 2010 or earlier), but continues to be used in attacks, such as a fraudulent email campaign in South Korea as recently as this June. It recently surfaced on our most common threats list, indicating that it is still being found on machines around the world. According to the Metascan Online scan results, many prominent antivirus engines do not detect it as a threat, which raises the concern that many machines are not protected against older malware. Given how long this threat has been around, why are there still so many antivirus engines not detecting it?

Metascan Online scan results
2. PUA detection is not widespread, leaving endpoints potentially vulnerable
Recent reports about the Gunpoder malware have shown that threats classified less severely, as adware or grayware, may be hiding aggressive, malicious behavior, so we need to pay more attention when anti-malware engines flag files in these categories. However, our list of top searched threats on Metascan Online reveals that many common potentially unwanted applications (PUA, PUP, adware, riskware, grayware) are not even flagged by the majority of antivirus engines. Users and organizations need to be aware of whether their endpoint protection detects these types of threats, and should supplement these solutions with multi-engine scanning to ensure that they have visibility into this category of threat.
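The two points above (an older trojan missed by some engines, and PUA-class files flagged by only a minority) are both questions you can answer from a multi-engine report once you have one. The script below is an added example, not OPSWAT or Metascan Online code, and it does not use the Metascan Online API or its report format: the per-engine verdict dictionaries, engine names (EngineA through EngineJ) and verdict strings are constructed here for illustration. It summarizes how many engines flagged a file, whether every detection was a PUA/grayware-style verdict, and whether the one engine you actually run on your endpoints is among those that missed it.

```python
"""Summarize multi-engine scan results and flag coverage gaps for one engine.

Added example (not Metascan Online / OPSWAT code). A "report" here is a
constructed, simplified stand-in for a multi-engine scan result: a mapping of
engine name -> verdict string, where an empty string means the engine called
the file clean. Engine names and verdicts are made up for illustration.
"""
from dataclasses import dataclass

# Vendor naming for unwanted software varies widely, so match common markers
# loosely and case-insensitively rather than trying to parse each scheme.
PUA_MARKERS = ("pua", "pup", "adware", "riskware", "grayware",
               "not-a-virus", "unwanted", "potentially")


@dataclass
class ScanSummary:
    total_engines: int
    detected_by: list        # engines that returned a non-empty verdict
    missed_by: list          # engines that returned clean
    pua_verdicts: list       # subset of detected_by whose verdict reads as PUA-class
    detection_ratio: float   # len(detected_by) / total_engines

    def coverage_gap(self, my_engine: str, min_ratio: float = 0.25) -> bool:
        """True when a meaningful share of engines flag the file but the engine
        we rely on (`my_engine`) returned clean."""
        return self.detection_ratio >= min_ratio and my_engine in self.missed_by

    def pua_only(self) -> bool:
        """True when every engine that flagged the file called it PUA/grayware,
        i.e. nothing in the report treats it as outright malware."""
        return bool(self.detected_by) and len(self.pua_verdicts) == len(self.detected_by)


def is_pua_verdict(verdict: str) -> bool:
    """Heuristic: does this vendor verdict string look like a PUA classification?"""
    v = verdict.lower()
    return any(marker in v for marker in PUA_MARKERS)


def summarize(report: dict) -> ScanSummary:
    """Aggregate one file's per-engine verdicts into a ScanSummary."""
    detected = sorted(engine for engine, verdict in report.items() if verdict)
    missed = sorted(engine for engine, verdict in report.items() if not verdict)
    pua = [engine for engine in detected if is_pua_verdict(report[engine])]
    ratio = len(detected) / len(report) if report else 0.0
    return ScanSummary(len(report), detected, missed, pua, ratio)


def find_gaps(reports: dict, my_engine: str, min_ratio: float = 0.25) -> list:
    """Return (filename, ScanSummary) pairs for files that `my_engine` missed
    while at least `min_ratio` of the engines in the report flagged them."""
    gaps = []
    for filename, report in reports.items():
        summary = summarize(report)
        if summary.coverage_gap(my_engine, min_ratio):
            gaps.append((filename, summary))
    return gaps


# Constructed sample reports (ten hypothetical engines, made-up verdicts).
SAMPLE_REPORTS = {
    # A long-known trojan style sample: flagged by 6 of 10 engines, missed by 4.
    "old_trojan_sample.exe": {
        "EngineA": "Trojan.Generic", "EngineB": "Trojan.Swrort",
        "EngineC": "", "EngineD": "Trojan.Downloader",
        "EngineE": "", "EngineF": "Backdoor.Generic",
        "EngineG": "", "EngineH": "Trojan.Agent",
        "EngineI": "Trojan.Swrort.A", "EngineJ": "",
    },
    # A bundled toolbar installer: only 3 of 10 engines flag it, all as PUA/adware.
    "bundled_toolbar_setup.exe": {
        "EngineA": "PUA.Toolbar", "EngineB": "", "EngineC": "",
        "EngineD": "Adware.Generic", "EngineE": "", "EngineF": "",
        "EngineG": "not-a-virus:HEUR:AdWare.Win32.Agent", "EngineH": "",
        "EngineI": "", "EngineJ": "",
    },
}

if __name__ == "__main__":
    # Suppose EngineC is the single product deployed on our endpoints.
    for filename, s in find_gaps(SAMPLE_REPORTS, "EngineC"):
        kind = "PUA-class only" if s.pua_only() else "malware verdicts present"
        print(f"{filename}: {len(s.detected_by)}/{s.total_engines} engines flagged "
              f"({kind}); EngineC returned clean")
```

The `min_ratio` threshold is deliberately low (a quarter of engines) because the whole point of the two trends above is that a file flagged by only a few engines, or flagged only as adware, is exactly the case a single-engine deployment is most likely to miss; tune it to the engine count of the report you actually consume.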
3. Common threats can be inspirations for more targeted attacks
One interesting threat that shows up on the list continuously is Blacole, which continues to be a major inspiration to the malware community. It has influenced the development of Angler, another exploit kit, which was found to exploit the recent Flash bug that was revealed during the Hacking Team breach. Though threats like Blacole are widely detected and may seem mundane, they are important for antivirus vendors to understand and keep an eye on, so that variants and copycats can be detected.
Check out the Metascan Online Statistics page to see the current list of top threats and to read more about how the list is determined.
