Security Response

90 Day Global Threats, Risks, and Vulnerabilities Timeline

Most Active New Threats

Name

Type

Protected*

Discovered

SecShieldFraud!gen7	Misleading Application	25/05/2012	25/05/2012
W32.SillyFDC.BDQ	Worm	24/05/2012	25/05/2012
Trojan.Exprez	Trojan	23/05/2012	23/05/2012
Downloader.Jadelile	Trojan	22/05/2012	22/05/2012
Trojan.Ransomlock.P	Trojan	23/05/2012	22/05/2012
Packed.Dromedan!gen5	Trojan Virus	21/05/2012	21/05/2012
Trojan.Komodola	Trojan	18/05/2012	18/05/2012
W32.Stekct	Worm	17/05/2012	17/05/2012
Packed.Generic.368	Trojan Worm		17/05/2012
Packed.Generic.367	Trojan Worm	16/05/2012	16/05/2012

*For continued protection, make sure that your Symantec subscription and/or license are up to date.

Threat Spotlight: Trojan.Downbot

Trojan.Downbot is a Trojan that is implicated in a widely reported series of targeted information stealing attacks against a wide range of organizations worldwide.
These attacks were initially reported in the media on August 2nd, 2011 when a report was published naming the attack as "Operation Shady RAT". The report described a series of attacks which had been occurring for over five years against over seventy organizations.

The targets ranged from private companies to government agencies located worldwide. In the report, it speculated that these attacks were aimed at stealing highly sensitive and proprietary information belonging to specifically targeted organizations and due to this, may potentially point to a state sponsor being behind these attacks.

More information on Trojan.Downbot is available in the threat family writeup.

Best Practices

With the rapid rise in the number of malware attacks it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.

Use these recommendations to know what you must, should and can do to protect your endpoints from malware.

Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection. Information available here.

White Paper Spotlight

W32.Qakbot is a worm that has been seen spreading through network shares, removable drives, and infected webpages, and infecting computers since mid-2009. Its primary purpose is to steal online banking account information from compromised computers. The malware controllers use the stolen information to access client accounts within various financial service websites with the intent of moving currency to accounts from which they can withdraw funds. There are several information stealing Trojans found in cyberspace today. What makes Qakbot stand apart from most of the others is sophistication and continuous evolution. The purpose of this white paper is to provide an insight into the worm's capabilities.

Download the full 'W32.Qakbot in Detail' white paper.

View the full set of Symantec Security Response white papers.