Cyveillance's "2H 2008 Cyber Intelligence Report" details the effectiveness of leading antivirus malware detection and Web browser antiphishing technologies

February 3, 2009

ARLINGTON, Va., February 2, 2009 -- Cyveillance, the world leader in cyber intelligence, today announced that a recent test of best-of-breed anti-virus vendors and Web browser anti-phishing filters revealed that more than half of active malware and phishing threats on the Internet go undetected, with an average detection rate of 37 percent for malware and 42 percent for phishing. This data [1] was captured as part of Cyveillance's "2H 2008 Cyber Intelligence Report," which was issued today.

"Given the dynamic nature of today's online threats and the traditionally reactive approach taken by today's malware and phishing detection technology, conventional signature-based solutions are inherently at a disadvantage to keep up," said Panos Anastassiadis, CEO and Chairman of Cyveillance. "Because the majority of damage occurs during the first 24 hours of an attack, early detection of attacks is crucial. By combining today's defensive technologies with proactive intelligence gathered in real-time, organizations can significantly limit the harm inflicted by today's dynamically changing threats."

In addition to a detailed evaluation of the effectiveness of leading anti-virus malware detection and Web browser anti-phishing technologies, the report also tracks the online "fraud chain" comprised of malware components that store and serve malware executables, distribute malware to consumers, and receive and store the confidential information collected from infected computers. Other key report findings include:

- Data tracked during the second half of 2008 shows that the United States and China continue to be the top distributors of malware on the Internet.
- 159 unique new brands were phished in the second half of 2008, which represents a slight decrease compared to the number of new brands targeted during the same time a year ago.
- Phishers continue to expand attacks globally and across new industries. In the second half of 2008, Cyveillance saw an increase in the number of new phishing targets in countries that had yet to be phished as well as new targets in the media and social networking industries.

Anti-virus Malware and Web Browser Test Results

More information about Cyveillance's testing of anti-virus malware vendors and Web browser anti-phishing filters is included in the company's "2H 2008 Cyber Intelligence Report."

Malware

Cyveillance identifies a malware threat as a file or application downloaded from a Web site or server that exhibits properties that are both involuntary and malicious in nature. An active malware threat is one that has been located on a live Web site within the last 30 days.

Because anti-virus solutions primarily detect previously identified malware threats, perpetrators quickly replace recently discovered malware threats with modified versions and exploit this discovery lag-time to evade detection and infect unsuspecting machines. As such, the Cyveillance test, which took place between November 30 and December 29, 2008, looked at twelve best-of-breed anti-virus vendor solutions [2], deployed in their default settings with auto-update features enabled to ensure all malware signatures were within vendor parameters.

Phishing

Phishing threats are social engineering scams that rely on both technology and human interaction to carry out online fraud and identity theft. The schemes are varied but typically involve a spoofed (spam) email that mimics an email from a legitimate and respected organization in order to steal personal information (e.g., username and password, credit card number, Social Security number, etc.). The information collected is then used for identity theft purposes. To better understand the daily risks consumers face from phishing attacks, Cyveillance test sampled unique and confirmed phishing attacks uncovered against a variety of organizations. To measure the effectiveness of some of today's leading anti-phishing solutions [3], Cyveillance fed these confirmed live attacks through four of the most widely used anti-phishing browser-based offerings. The data was fed in real-time to each solution and then again 24 hours later to determine detection rates over a minimal period of time.

All figures and statistics in the Cyveillance "2H 2008 Cyber Intelligence Report" are actual measurements rather than projections based upon sample datasets. The cyber intelligence included in this report includes data collected and analyzed between July 1 and December 31, 2008. It represents aggregate cyber intelligence findings that Cyveillance has delivered to its OEM data partners, except where otherwise noted. For more information about Cyveillance's research findings, please visit:

About Cyveillance

Cyveillance, the world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners -- protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 30 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. For more information, visit

[1] Cyveillance's comprehensive monitoring technology continuously sweeps the Internet -- monitoring and collecting information from over 200 million unique domain name servers, 150 million unique Web sites, 80 million blogs, 90,000 message boards, thousands of IRC/Chat channels, billions of spam emails, auction sites, bot networks and more. This approach yields the discovery of more than 100,000 new sites each day.

[2] Vendors tested included F-Secure, Kaspersky, McAfee, Sunbelt, Sophos, Trend Micro, Dr. Web, AVG, Eset Nod32, F-Prot, Virus Buster and Norman. Symantec data was inconclusive at time of publication and was not included in the test results.

[3] Vendors tested included Firefox, Safari, Chrome and IE7.
