In its monthly Global Threat Report issued today, ScanSafe, the pioneer and leading provider of SaaS Web Security, reported that the rate of zero-day malware blocks increased in November to 26%. The number increased significantly from the 16% of zero-day malware blocks reported in October and the 19% average reported for the year.


Throughout November, attackers were more intent than ever on ensuring the malware they used would bypass traditional security measures. Given the dynamic and costly nature of today’s Web threats, real-time scanning of Web traffic before it reaches the enterprise is more essential than ever.

In its latest report, ScanSafe also noted that backdoors and data theft Trojans increased from 13% of all Web malware blocks in October, to 30% of all blocks in November. Backdoors and data theft Trojans allow attackers to target exactly what type of information is stolen. For example, on a user’s home computer, these Trojans can enable attackers to target credit card or banking information. Similarly, on a corporate network, attackers can “custom fit” the malware to retrieve confidential or proprietary information. Because data theft Trojans can be remotely configured, they can be especially destructive and difficult to identify.

The recent increase in backdoors and data theft Trojans is very concerning given the seriousness of this category of malware. Heightened exposure indicates attackers are going to new extremes to get their malware in front of users, perhaps as a result of the declining economic climate.

The rate of exposure to compromised Web sites decreased in November, from 65% of all Web malware blocks to in October to 33% in November. However, the decline in exposure via compromised Web sites was offset by zero-day threats and the serious increase in risks from social engineering techniques. The end result: despite the decrease in website compromises, the overall rate of Web-based malware was only 2.4% less than the rate in October, the highest Web malware month in history.