Threat Assessment Report

Omni Report: Webroot, October 2018

Webroot: AV Threat Report

Without exception, organizations are facing a surge of attacks that succeed in breaching their existing layers of defense. As the gold standard for endpoint remediation, Malwarebytes has unmatched visibility into the threats that have evaded detection and infected endpoints around the world. Most organizations underestimate the infection rate of their endpoints, because many threats go undetected and stay hidden; this is a costly problem. This Omni Report highlights the attacks missed by Webroot between 2016-12-08 and 2018-09-15. It draws exclusively on remediation events processed by Malwarebytes, each of which indicates that the machine was positively infected.

Total Detections: 1,012,656
Detections per Infected Machine: 4.3

Infection Rate

Infected Machines: 233,325 (16.8% of machines scanned)
Clean Machines: 1,152,337

The chart above shows the infection rate across scans on machines currently running Webroot.


Infected Machines: Critical Detections Found

Category    Detections
Trojan         257,872
Rootkit         64,024
Rogue           36,275
Backdoor        21,975
Spyware         14,272
Ransom           6,835
Worm             3,968
Exploit            585

The chart above highlights the types of detection that were identified and remediated on machines currently running Webroot.
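The infection rate, detections-per-infected-machine figure and per-category counts above are all derived from the same two inputs: which machines were scanned, and one remediation event per detection. The script below is an added example, not Malwarebytes code, that rebuilds those headline metrics from a constructed export of that shape (the tuple layout, the machine IDs and the sample events are assumptions for illustration; the variant names are ones that appear in this report). It also handles the two edge cases that skew such numbers in practice: a machine hit several times still counts as one infected machine, and a machine that has a remediation event but is missing from the scan list is still counted as scanned.

```python
"""Rebuild the Omni Report's headline metrics from raw endpoint data.

Added example, not Malwarebytes code. It assumes a simple export shape:
a list of machine IDs that were scanned, and one remediation event per
detection as (machine_id, category, variant). Only remediation events
count, because a remediated detection means the machine was positively
infected; a scan that produced no event leaves the machine "clean".
"""
from collections import Counter


# Constructed sample data (not figures from the report).
SCANNED_MACHINES = ["m1", "m2", "m3", "m4", "m5", "m6"]

REMEDIATION_EVENTS = [
    ("m1", "Trojan", "Trojan.Emotet"),
    ("m1", "Trojan", "Trojan.TrickBot"),
    ("m1", "Adware", "Adware.Yontoo"),
    ("m2", "Adware", "Adware.Elex"),
    ("m2", "Adware", "Adware.Elex"),          # same variant twice: two detections, one machine
    ("m4", "Rootkit", "Rootkit.Fileless.MTGen"),
    ("m4", "Backdoor", "Backdoor.Agent.Generic"),
    ("m7", "RiskwareTool", "RiskWare.BitCoinMiner"),  # m7 is missing from the scan list
]

# The eight categories plotted in the "Critical Detections Found" chart.
CRITICAL_CATEGORIES = frozenset(
    {"Trojan", "Rootkit", "Rogue", "Backdoor", "Spyware", "Ransom", "Worm", "Exploit"}
)


def summarize(scanned, events):
    """Compute infection rate, detections per infected machine and category breakdown.

    A machine is infected if it has at least one remediation event, however many
    events it has. A machine that appears in the events but not in the scan list
    is still counted as scanned, since a remediation implies a scan took place.
    """
    infected = {machine for machine, _, _ in events}
    scanned_set = set(scanned) | infected
    total = len(events)
    by_category = Counter(category for _, category, _ in events)
    by_variant = Counter(variant for _, _, variant in events)
    return {
        "scanned": len(scanned_set),
        "infected": len(infected),
        "clean": len(scanned_set - infected),
        "infection_rate": len(infected) / len(scanned_set) if scanned_set else 0.0,
        "total_detections": total,
        "detections_per_infected": total / len(infected) if infected else 0.0,
        "category_counts": dict(by_category),
        "category_share": {c: n / total for c, n in by_category.items()} if total else {},
        "critical_counts": {c: n for c, n in by_category.items() if c in CRITICAL_CATEGORIES},
        "top_variants": by_variant.most_common(),
    }


def check_published_totals(category_counts, published_total):
    """Sanity check for a published table: per-category counts must sum to the total."""
    return sum(category_counts.values()) == published_total


if __name__ == "__main__":
    s = summarize(SCANNED_MACHINES, REMEDIATION_EVENTS)
    print(f"infected {s['infected']}/{s['scanned']} ({s['infection_rate']:.1%}), "
          f"{s['detections_per_infected']:.1f} detections per infected machine")
    for category, count in sorted(s["critical_counts"].items(), key=lambda kv: -kv[1]):
        print(f"  {category:<12}{count:>6}")
```

Run against a real console export, the same function reproduces the report's own ratio: total detections divided by distinct infected machines (1,012,656 / 233,325 gives the 4.3 shown above), and the infection rate is infected machines over all scanned machines, not over all detections.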

Webroot: Specific Threats Found (Infected Machines)

Threat Categories

Category                      Detections   % of Total
Adware                           347,819        34.3%
Trojan                           257,872        25.5%
Generic                           95,625         9.4%
RiskwareTool                      65,676         6.5%
Rootkit                           64,024         6.3%
Hijacker                          60,094         5.9%
Rogue                             36,275         3.6%
Backdoor                          21,975         2.2%
Spyware                           14,272         1.4%
HackTool                          13,399         1.3%
MachineLearning/Anomalous         13,034         1.3%
Ransom                             6,835         0.7%
CrackTool                          5,296         0.5%
Worm                               3,968         0.4%
CheatTool                          1,889         0.2%
Unknown                            1,289         0.1%
FraudTool                          1,176         0.1%
Heuristics                           772         0.1%
Exploit                              585         0.1%
Virus                                371         0.0%
Joke                                 148         0.0%
PornTool                              98         0.0%
Legitimate                            40         0.0%
SpamTool                              33         0.0%
Bootkit                               25         0.0%
CryptTool                             22         0.0%
DDoS                                  18         0.0%
VirTool                                8         0.0%
MisusedLegit                           6         0.0%
FileBinder                             6         0.0%
Hoax                                   6         0.0%
Total                          1,012,656         100%

Threat Variants (top 50)

Variant                            Detections   % of Total
Generic.Malware/Suspicious             95,625         9.4%
Rootkit.Fileless.MTGen                 62,002         6.1%
Trojan.Kovter                          43,939         4.3%
.Cmptch.Generic                        42,185         4.2%
Trojan.Fileless.MTGen                  42,167         4.2%
Adware.Yontoo                          36,269         3.6%
Adware.WinYahoo                        35,839         3.5%
Hijack.ControlPanelStyle               33,357         3.3%
Rogue.SearchEncrypt                    20,624         2.0%
Trojan.Agent                           19,474         1.9%
Trojan.Floxif                          18,476         1.8%
Adware.Elex.ShrtCln                    18,443         1.8%
RiskWare.DontStealOurSoftware          17,210         1.7%
Adware.MoboGenie                       15,719         1.6%
Backdoor.Agent.Generic                 13,069         1.3%
Trojan.BHO.Generic                     12,845         1.3%
Trojan.Emotet                          11,278         1.1%
RiskWare.IFEOHijack                    10,422         1.0%
RiskWare.BitCoinMiner                   9,621         1.0%
Adware.Elex                             8,648         0.9%
Adware.DNSUnlocker.ACMB2                7,893         0.8%
Adware.NeoBar                           7,786         0.8%
Adware.DNSUnlocker                      7,765         0.8%
MachineLearning/Anomalous.100%          7,589         0.7%
Hijack.Host                             6,720         0.7%
Trojan.DNSChanger.ACMB2                 6,150         0.6%
Hijack.FolderOptions                    5,725         0.6%
Trojan.Agent.Generic                    5,583         0.6%
Spyware.OnlineGames                     4,871         0.5%
Rogue.ForcedExtension                   4,724         0.5%
Adware.DealPly.Generic                  4,650         0.5%
Adware.QIPApp                           4,575         0.5%
Adware.Agent.Generic                    4,546         0.4%
Adware.Agent                            4,233         0.4%
Trojan.TrickBot                         4,078         0.4%
Adware.ChinAd                           3,882         0.4%
Adware.MultiPlug                        3,440         0.3%
Trojan.Floxif.Trace                     3,413         0.3%
Adware.GeniusBox                        3,373         0.3%
Spyware.TrickBot                        3,328         0.3%
Trojan.Agent.Trace                      3,221         0.3%
Adware.Adposhel                         3,179         0.3%
RiskWare.Tool.HCK                       3,140         0.3%
Trojan.MalPack                          3,094         0.3%
Adware.1ClickDownload                   3,080         0.3%
Trojan.Agent.VBS                        3,038         0.3%
Adware.InstallMonster                   3,025         0.3%
Adware.TryMedia                         3,015         0.3%
Trojan.BitCoinMiner                     2,958         0.3%

Trojans remain highly prevalent; they allow cyber-criminals to spy on systems, steal confidential data, and gain backdoor access.

Ransomware appears in relatively low volume. It nevertheless accounts for a disproportionate share of the risk because of its crippling business impact and because businesses are likely to pay ransoms in the hope of decrypting their files. Typical remediation effectively removes ransomware from a machine; however, the business's encrypted files remain encrypted after remediation, since a key is required to decrypt them. Malwarebytes provides modern remediation with ransomware rollback capabilities, but the agent must be installed on machines before an attack in order to roll back the file encryption actions.

Webroot: Malware Velocity Board
Top 20 Malware by Detection Count: Webroot installed (Remediation + Real-Time Protection)

Rank  Last 4 Hours                    Yesterday                       Last 7 Days
1     Generic.Malware/Suspicious      Generic.Malware/Suspicious      Generic.Malware/Suspicious
2     Trojan.Emotet                   Backdoor.Agent.Generic          Backdoor.Agent.Generic
3     Backdoor.Agent.Generic          MachineLearning/Anomalous       MachineLearning/Anomalous
4     RiskWare.BitCoinMiner           RiskWare.DontStealOurSoftware   RiskWare.DontStealOurSoftware
5     MachineLearning/Anomalous       Hijack.FolderOptions            Rootkit.Fileless.MTGen
6     Trojan.Agent                    RiskWare.BitCoinMiner           Hijack.FolderOptions
7     RiskWare.DontStealOurSoftware   Rogue.SearchEncrypt             Rogue.SearchEncrypt
8     Trojan.BitCoinMiner             Rootkit.Fileless.MTGen          RiskWare.BitCoinMiner
9     Trojan.Dropper                  RiskWare.IFEOHijack             RiskWare.IFEOHijack
10    Trojan.TrickBot.E               Spyware.OnlineGames             Backdoor.Bot
11    Adware.TryMedia                 RiskWare.IPScan                 MachineLearning/Anomalous
12    MachineLearning/Anomalous       MachineLearning/Anomalous       MachineLearning/Anomalous
13    Spyware.Ursnif                  RiskWare.BrowserHistoryV        RiskWare.BrowserHistoryV
14    Adware.FusionCore               Hijack.Host                     Spyware.OnlineGames
15    Adware.Appearch                 MachineLearning/Anomalous       Hijack.Host
16    Rootkit.Fileless.MTGen          CrackTool.Agent                 RiskWare.IPScan
17    Exploit.ShadowBrokers           Spyware.TrickBot                RiskWare.HeuristicsReserv
18    Heuristics.Shuriken             MachineLearning/Anomalous       MachineLearning/Anomalous
19    Adware.Sendori                  RiskWare.HeuristicsReserv       Spyware.TrickBot
20    Adware.Yontoo                   MachineLearning/Anomalous       RiskWare.ExtensionMismat

Several detection names are cut off at the column width in the source (for example the confidence suffix on the MachineLearning/Anomalous entries, which is why the same prefix appears more than once in a column); they are shown as they appear.

www.malwarebytes.com | [email protected] | 1.800.520.2796