Threats

The largest knowledge base of Internet threats in the world

Symantec.cloud knows the enemy. We work around the clock to identify and stop millions of email, web and IM based threats every day before they can reach our customers. Whether it's viruses, phishing attacks, malicious web links, spam, trojans, or spyware, we have a hard-earned reputation for stopping known and unknown threats long before the competition. We do this by drawing on the scale of our software as a service (SaaS) delivery model and the intelligence drawn from the billions of messages and web pages we process through our network every day. This intelligence is fed in ‘real time’ to our patented Skeptic technology to form the most comprehensive and up-to-date knowledge base of Internet threats in the world.



Viruses

>A COMPUTER VIRUS IS A FORM OF MALWARE. SOME VIRUS CODES ATTACH THEMSELVES TO A PROGRAM IN THE HOST COMPUTER. VIRUSES THAT CAN RUN INDEPENDENTLY ARE KNOWN AS WORMS. A VIRUS IS EITHER DESIGNED TO COMPROMISE ITS HOST OR TO SELF-REPLICATE TO INFECT OTHER COMPUTERS.
Netsky

Virut
Parite / Netsky
Imsolk.b
Conficker
Loveletter


Spam

>SPAM IS UNSOLICITED EMAIL. SPAMMERS SEND OUT MILLIONS OF IDENTICAL EMAILS, USUALLY FOR FINANCIAL GAIN. SPAM HAS BECOME INCREASINGLY SOPHISTICATED IN ORDER TO AVOID DETECTION, WITH AN INCREASE IN THE USE OF MALICIOUS LINKS, PDF, XLS AND MP3 SPAM.
Russian3
Degreesdiplomas
Scamfraud4198
Rustock
   


Phishing Attacks

>PHISHING IS A SPAMMING TECHNIQUE USED TO TRICK VICTIMS INTO REVEALING CONFIDENTIAL INFORMATION SUCH AS BANK DETAILS AND PASSWORDS. CYBER-CRIMINALS MIMIC EMAILS FROM REPUTABLE COMPANIES TO LURE VICTIMS TO SPOOF WEBSITES WHERE THEY ARE ASKED TO INPUT THEIR PERSONAL DETAILS.
Phishing1
Phishing2
Phishing9


Spyware

>SPYWARE IS AN APPLICATION WHICH SENDS THE VICTIM’S PRIVATE INFORMATION AND WEB SURFING HABITS TO A CYBER-CRIMINAL’S WEBSITE. SPYWARE OFTEN INSTALLS ITSELF WITHOUT THE USER’S KNOWLEDGE OR EXPLICIT PERMISSION.
Rogueware Spysherif
Ghost
 


Malicious Links

>A MALICIOUS LINK IS A HYPERTEXT LINK THAT SENDS THE USER TO A WEBSITE. THE SITE THEN INFECTS THE VICTIM’S COMPUTER WITH MALWARE. USING WEB LINKS IS A COMMON TECHNIQUE BECAUSE IT AVOIDS THE USE OF MALICIOUS CODE WITHIN THE EMAIL.
Postcard
Storm
 


Trojans

>UNLIKE VIRUSES, TROJANS ARE SELF-CONTAINED PROGRAMS WHICH RUN INDEPENDENTLY. AS THE NAME SUGGESTS, TROJANS ARE DISGUISED AND ARE MORE DESTRUCTIVE THAN THEY FIRST SEEM. THEY CAN CONCEAL MALICIOUS PAYLOADS WHICH DOWNLOAD CONFIDENTIAL INFORMATION FOR CYBER-CRIMINALS.
Pwslineage
Trojagentil3
Bredolab


IM Threats
   


>PSYME
>Trojan Downloader
By simply visiting a legitimate website which had been compromised by Psyme, a user can unknowingly become infected with spyware or some other type of malware, such as a botnet. This sample was downloaded by visiting a website accessed through a hyperlink shared over IM.


>CLICKER
>IM Worm
'Drive-by' attacks over IM cause fast-spreading damage. An IM containing a malicious hyperlink is sent to all the contacts in the victim's contact list. When activated, each new victim's contact list will also be spammed with malicious hyperlinks, and so on.


>CUTWAIL
>INSTALLER TROJAN
CUTWAIL, also known as PUSHDO and PANDEX, is currently one of the world’s largest botnets, controlling more than one million active bots.


>CIMUZ
>INFORMATION-STEALING TROJAN
CIMUZ is an information-stealing Trojan that hooks itself into Internet Explorer. It captures information entered or saved by the user, including passwords, keystrokes and other confidential information, and transmits the harvested data to its controller. It also terminates security software and unlocks firewalls, leaving the computer vulnerable to further attacks.


>TODYNHO
>INFORMATION-STEALING TROJAN
TODYNHO is an information-stealing Trojan originating from Brazil that steals a victim’s bank account details. The name TODYNHO was taken from the name of the email attachment.


>HUIGEZI
>TARGETED TROJAN
HUIGEZI is a targeted Trojan dropped via a PDF exploit. It spies on audio and video communications, in addition to web, email, IM and others. It is most commonly used for industrial espionage.


>TT.PDF
>TARGETED TROJAN
TT.PDF is a PDF attached to an email which doesn’t contain any real content. If opened, a message is displayed stating that the document is damaged and is being repaired. The document viewer may then crash as malicious code is written to disk and then executed. The first thing the code then does is display another PDF with the expected content in order to cover its tracks.


>TT.DOC
>TARGETED TROJAN
TT.DOC is a document used to conceal a targeted trojan. It arrives in an email claiming to contain a report about security issues for the Beijing Olympics and was sent to a small number of businesses and sporting bodies involved with the Olympic Games.