Signature-based scanners missed 88 per cent of Gumblar attacks.
According to ScanSafe's quarterly Global Threat Report, the attacks peaked in the second quarter of 2009, when 88 per cent of ScanSafe malware blocks were zero-day threats.
This meant that the vast majority of attacks were not detected by signature-based scanners. The report claimed that the single largest contributor to the high rate of signature misses was the second-stage Gumblar attacks.
Mary Landesman, senior security researcher at ScanSafe, said: “The fact that the most serious threat of the year was not detectable by most standard anti-virus signatures should serve as yet another wake-up call to the security community.
“The evasiveness and sophistication of the Gumblar threat has set quite a precedent for threats to come. Companies need to be prepared with a comprehensive web security solution – specifically, a solution that adequately protects against the increasing rate of zero-day threats.”
The report further claimed that nearly one in three web malware encounters were blocked via ScanSafe Outbreak Intelligence zero-day threat protection. Companies relying on signature-based scanners alone would have been extremely vulnerable given that signatures for Gumblar-compromised sites were not generally available until three weeks after the largest peak of Gumblar website compromises.
It also found that the second quarter of 2009 demonstrated a sharp increase in data theft Trojans, with the rate of encounters increasing by 37 per cent. The most prevalent of these encounters were with Backdoor Trojans, which can lead to data theft, registry manipulation and full control of files on an infected system, among other things.
Landesman said: “It is alarming that the prevalence of data theft Trojans has increased so significantly this quarter, but not surprising. Stolen data is in high demand and in this economy cybercriminals are motivated to develop increasingly sophisticated tactics to obtain it.”