SOURCE: ScanSafe

ScanSafe

August 13, 2009 07:28 ET

Signature-Based Scanners Miss 88% of Gumblar Attacks

Leading Provider of SaaS Web Security Reports Gumblar Responsible for 14% of Malware Blocks in 2Q09

LONDON and SAN FRANCISCO, CA--(Marketwire - August 13, 2009) - In its quarterly Global Threat Report issued today, ScanSafe, the pioneer and leading provider of SaaS Web Security, reported that at its highest peak in the second quarter of 2009, 88% of ScanSafe malware blocks were zero day threats, meaning that the vast majority of the attacks were not detected by signature based scanners. The single largest contributor to the high rate of signature misses were the result of the second stage Gumblar attacks.

The overall rate of zero day Web malware in 2Q09 was 32% -- nearly one in three Web malware encounters which were blocked via ScanSafe Outbreak Intelligence™ zero day threat protection. Companies relying on signature based scanners alone would have been extremely vulnerable, given that signatures for Gumblar-compromised sites were not generally available until three weeks after the largest peak of Gumblar website compromises.

ScanSafe noted that the rate of Web-delivered malware increased sharply in the second quarter of 2009 -- a staggering 36% from 1Q09. This was also due in large part to Gumblar, the most sophisticated mass compromise seen this year. 2008 was the largest year on record for Web-delivered malware, with a massive 300% increase from 2007. By all accounts, 2009 is on track to double that number.

"The fact that the most serious threat of the year was not detectable by most standard antivirus signatures should serve as yet another wake up call to the security community," said Mary Landesman, senior security researcher at ScanSafe. "The evasiveness and sophistication of the Gumblar threat has set quite a precedent for threats to come. Companies need to be prepared with a comprehensive Web security solution -- specifically, a solution that adequately protects against the increasing rate of zero day threats."

Worryingly, the second quarter of 2009 also demonstrated a sharp increase in data theft trojans. The rate of encounters with data theft trojans increased 37% in 2Q09. The most prevalent of these encounters were with Backdoor trojans, which can lead to data theft, registry manipulation and full control of files on an infected system, among other things.

"It is alarming that the prevalence of data theft trojans has increased so significantly this quarter, but not surprising," said Landesman. "Stolen data is in high demand and in this economy cyber criminals are motivated to develop increasingly sophisticated tactics to obtain it."

To obtain a full copy of the latest ScanSafe Global Threat Report, please visit www.scansafe.com.

About ScanSafe

ScanSafe is the pioneer and largest global provider of SaaS Web Security, ensuring a safe and productive Internet environment for businesses. ScanSafe solutions keep malware off corporate networks and allow businesses to control and secure the use of the Web. As a SaaS solution, ScanSafe eliminates the burden of purchasing and maintaining infrastructure in-house, significantly lowering the total cost of ownership.

Powered by its proactive, multilayered Outbreak Intelligence™ threat detection technology, ScanSafe processes more than 20 billion Web requests and 200 million blocks each month for customers in over 100 countries.

In 2009, the company was awarded "Best Content Security" solution by SC Magazine Europe for the third consecutive year.