
A Closer Look at Endpoint Security

Introduction

Organizations today face a threat landscape that increasingly involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to their corporate brand. To stay ahead of this emerging breed of security threats, organizations must advance their endpoint protection.

This article shows how Symantec Endpoint Protection enables organizations to take a more effective approach to protecting their laptops, desktops, and servers.

An evolving threat landscape

The latest Symantec Internet Security Threat Report, released in September, offers vivid evidence of the new security threats that organizations must comba

For example, Symantec’s research indicates that attackers are moving toward using Trojans as a means of installing malicious code on computers. This is typical of the multiple staged attacks that Symantec is observing with increasing frequency. In these attacks, an initial compromise is not always intended to perform malicious activity directly, but to provide a launching point for subsequent, more malicious attack activity.

During the first half of 2007, Trojans made up 54% of the top 50 malicious code reports, an increase over the 45% reported in the final six months of 2006. Trojans are gaining prominence because they generate a low volume of traffic compared to network and mass-mailing worms. As a result, they are less likely to draw the attention that higher-profile threats attract. Furthermore, malicious code writers may be turning to Trojans because network perimeter defenses and desktop firewalls, neither of which affects Trojans, make it harder for network worms to propagate widely.

The most widely reported new malicious code family during this reporting period was the Peacomm Trojan, also known as the Storm Trojan. This Trojan was spammed in high volumes, prompting Symantec to classify it as a Category 3 threat. When Peacomm installs itself on a computer, it attempts to hide itself using rootkit techniques.

Rootkits are stealth applications or scripts that a hacker uses to gain an undetectable presence on a system, and that also give the hacker administrator-level access to that system. Ready-to-use rootkit applications are now widely available on the Internet, giving inexperienced hackers the ability to use a rootkit without having to understand how it works. Rootkits are often used to collect confidential information such as user IDs, account numbers, and passwords. Detecting and removing a rootkit requires a thorough analysis and repair of the operating system.

Further confirmation of the emergence of such threats was provided in October when online powerhouse eBay announced the results of an in-depth analysis of its threat situation. The company said that online attackers have become more sophisticated, with malware developers now being funded to develop new and improved attacks.

“The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling,” said Dave Cullinane, eBay’s chief information and security officer, speaking at a security symposium at Santa Clara University.

