Security Response

2016 Internet Security Threat Report, Volume 21

The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.

Download the report and more.

90 Day Global Threats, Risks, and Vulnerabilities Timeline

Most Active New Threats

Name	Type	Protected*	Discovered
Trojan.FakeAV!gen121	Trojan	04/21/2014	04/21/2014
JS.Bondat	Worm	02/19/2015	02/18/2015
Trojan.Shylock!gen12	Trojan	04/17/2014	04/17/2014
Trojan.Pandex!gen4	Trojan	04/16/2014	04/16/2014
Trojan.Zbot!gen74	Trojan	04/15/2014	04/15/2014
Trojan.Shylock!gen10	Trojan	04/14/2014	04/13/2014
Trojan.Shylock!gen11	Trojan	04/14/2014	04/13/2014
Downloader.Ponik!gm	Trojan		05/22/2014
Packed.Generic.460	Trojan	04/12/2014	04/11/2014

*For continued protection, make sure that your Symantec subscription and/or license are up to date.

Threat Spotlight: Trojan.Cryptowall

Trojan.Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted.

The threat typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware.

Once the Trojan is executed on the compromised computer, it creates a number of registry entries to store the path of the encrypted files and run every time the computer restarts. It encrypts files with particular extensions on the computer and creates additional files with instructions on how to obtain the decryption key.

This threat family attempts to convince the user to pay money in order to get the key to unlock their files. It uses a variety of different techniques in order to encourage the user to pay the ransom.

More information on Trojan.Cryptowall is available in the threat family writeup.

Best Practices

With the rapid rise in the number of malware attacks it’s harder than ever to prevent machines from getting infected. But have you done everything you can do? Have you done the things you must do to stay protected? Following some simple best practices can make a tremendous difference in improving your protection. Symantec has assembled a set of best practices for today’s threat landscape.

Use these recommendations to know what you must, should and can do to protect your endpoints from malware.

Want to go further and really beef up protection on your endpoint machines? Symantec Endpoint Protection has a feature called Application and Device Control that gives you additional tools to protect your endpoints. Find out about Application and Device Control and download rulesets especially created by Symantec to increase your protection. Information available here.

White Paper Spotlight: The Dridex financial Trojan

The Dridex financial Trojan has emerged as one of the most serious online threats facing consumers and businesses. The attackers operating the Dridex botnet have continually refined the Trojan, which is now capable of harvesting banking credentials from customers of approximately 300 banks and other financial institutions in over 40 countries.

In this research, Symantec takes a detailed look at one of the most dangerous pieces of financial malware in circulation.

You can read the full details of our research into Dridex in our whitepaper.

View the full set of Symantec Security Response white papers.