Skip to main content
Key findings from the Webroot 2016 Threat Brief include:

 


  • Malware and potentially unwanted applications (PUAs) have become overwhelmingly polymorphic, with 97% of malware morphing to become unique to a specific endpoint device. By changing attributes to evade detection, polymorphic threats pose a major problem for traditional, signature-based security approaches, which often fail to discover singular variants.
  • Approximately 50 percent of Webroot users experienced a first contact with a zero-day phishing site, as compared to approximately 30 percent in 2014. This data indicates that zero-day phishing attacks are becoming the hacker’s choice for stealing identities.
  • Technology companies, including Google, Apple and Facebook, were targeted by more than twice as many phishing sites as financial institutions, such as PayPal, Wells Fargo, and Bank of America. These tech companies are targeted because the same login credentials are often used to access many other websites, resulting in multiple compromised accounts with each phishing victim.
  • 100,000 net new malicious IP addresses were created per day in 2015, a significant increase from the 2014 average of 85,000 a day indicating cybercriminals rely less on the same list of IPs, and are expanding to new IPs to avoid detection.
  • The U.S. continues to have the most malicious IP addresses of all countries. In 2015, it accounted for over 40 percent of all malicious IP addresses, a significant increase from 31 percent of malicious addresses in 2014. Top countries hosting 75 percent of malicious IPs include the U.S., China, Japan, Germany, and the UK.
  • As with malicious IP addresses, malicious URLs are largely hosted in the U.S. (30 percent), followed by China (11 percent). Furthermore, the U.S. is by far the largest host of phishing sites, with 56 percent of sites within its borders.
  • In the second half of 2015, 52 percent of new and updated apps were unwanted or malicious—a significant increase over the first half of 2014, when only 21 percent were unwanted or malicious.
 

See the attached full threat brief for more details.

 

 
Thanks ? I posted it on a couple other sites.

 

Daniel 😉
Thanks for spreading the word!
Thanks ?, for all this information and updates! Also thanks Daniel for spreading the word!!

 

 
Thanks for the heads up...very useful to know.
What about third party search engines that HIJACK your home page. When you install the latest Chrome Update. That "must be installed by you".  Specifically: Bilisearch.com.  Similar to Search.com problem from 2015, according to Microsft. ???
Hi userfriendly

 

Welcome to the Community Forums.

 

What you are referring to is what we in the Community refer to as a PUA (or Potentially Unwanted Application). Very annoying at best in that they cause pop-us, redirect your browser home page, and other behaviour that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information.

 

The issue here lies in the fact that there is in many cases a fine line between what is and is not a PUA, i.e., one person's PUA may be another person's favourite search engine or the like. Hence a broad brush approach at removal and/or blocking installation can for some security companies be seen as problematic, i.e., possibility of litigation, etc.

 

The deployment methods do not help either as often they are installed intentionally by the user as browser add-ons for various tasks such as quick search tools... with the added annoying pop-ups and ads. But at other times they 'piggy back' with other software that the user installed, often without notification or if notification is provided it is minimal, hard to read, confusing, etc.

 

So a bit of a minefield...to sat the least.

 

WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.

 

For those that are not detected by WSA, Webroot have provided this KB Article. It has some easy to follow directions on locating and removing PUA's. You may also want to submit a Support Ticket, especially if you cannot remove it easily from the directions in the KB Article.

 

Hope that helps to explain the 'issue' and the Webroot approach to it?

 

Regards, Baldrick

Reply