Zero-day malware accounted for 26 percent of blocked threats in November, says web security firm ScanSafe.
In its monthly Global Threat Report, ScanSafe said the rate of zero-day malware blocks increased in November to 26 percent of blocks, compared to 16 percent in October. The number is also significantly higher than the 19 percent average reported for the year.
In a zero day attack, hackers are faster than software vendors and security providers by exploiting vulnerabilities before vendors have time to fix them.
The most recent zero day attack was the Internet Explorer browser exploit. The vulnerability was found and then mistakenly released by Chinese researchers. The result was an explosion of attacks. Microsoft released an emergency patch on Tuesday, 17 December.
“Throughout November, attackers were more intent than ever on ensuring the malware they used would bypass traditional security measures,” said Mary Landesman, senior security researcher at ScanSafe.
“Given the dynamic and costly nature of today’s web threats, real-time scanning of web traffic before it reaches the enterprise is more essential than ever.”
Backdoor and data theft Trojans also factored prominently in November web malware exposures. In October, Trojans accounted for 13 percent of all Web malware blocks, but in November, it accounted for 30 percent. Five of the top ten web malware blocked in November were a result of this category of threats. The bulk of these trojans include an autorun component that enables the malware to spread via infected USB and mapped drives.
“The recent increase in backdoors and data theft Trojans very concerning given the seriousness of this category of malware,” said Landesman. “Heightened exposure indicates attackers are going to new extremes to get their malware in front of users, perhaps as a result of the declining economic climate.”
One third, 33 percent, of all web malware blocks were through compromised websites. This is actually lower than the October peak of 65 percent. But this decline in exposure to compromised websites was offset by a boom in zero-day threats as well as an increase in social engineering techniques. The end result: despite the decrease in website compromises, the overall rate of web-based malware was only 2.4% less than the rate in October. October was, according to ScanSafe, the highest web malware month in history.
The ScanSafe Global Threat Report is based on analysis of more than 20 billion web requests the company processed each month for customers in over 80 countries.