Generic Polymorphic Malware

Refer to 'Symantec Announces September 2011 Symantec Intelligence Report' on Enterprise IT News

Generic Polymorphic Malware was first identified in July 2011.

Email-borne polymorphic malware soars to unprecedented levels in Sept

The malware is frequently contained inside an executable within the attached ZIP archive file and often disguised as a PDF file or an office document. This new aggressive approach to distributing generic polymorphic malware on such a scale should be concerning for many businesses, particularly for those who rely solely on more traditional security countermeasures, which this type of malware is designed to evade. One example of this technique involves changing the startup code in almost every version of the malware; subtly changing the structure of the code and making it harder for emulators built-in to many anti-virus products to identify the code as malicious. Technology cannot rely on signatures and heuristics alone, and must also take into account the integrity of an executable based on knowledge of its reputation and circulation in the real-world.

Additional research also reveals that JavaScript is becoming increasing popular as programming language by spammers and malware authors. JavaScript is increasingly used to conceal where spammers are redirecting, and in some cases, also to conceal entire Web pages.

Spam: In September 2011, the global ratio of spam in email traffic declined to 74.8 percent (1 in 1.34 emails), a decrease of 1.1 percentage points when compared with August 2011.

Phishing: In September, phishing email activity diminished by 0.26 percentage points since August 2011; one in 447.9 emails (0.223 percent) comprised some form of phishing attack.

E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 188.7 emails (0.53 percent) in September, an increase of 0.04 percentage points since August 2011.

Web-based Malware Threats: In September, Symantec Intelligence identified an average of 3,474 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 1.0 percent since August 2011.

Endpoint Threats: The most frequently blocked malware for the last month was W32.Sality.AE, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.