Threat Assessment Report
Webroot October 2018 OMNI REPORT
Webroot : AV Threat Report
Without exception, organizations are facing a surge of attacks that are succeeding in breaching their existing layers of defenses. As the gold standard for endpoint remediation, Malwarebytes has unmatched visibility into the threats that have evaded detection and have infected endpoints around the world. Most organizations underestimate the infection rate of their endpoints because many threats remain hidden and go undetected. This is a costly issue. This Omni Report highlights the attacks missed by Webroot between 2016-12-08 and 2018-09-15. The report focuses exclusively on remediation events processed by Malwarebytes, indicating that the machine was positively infected.
Detections per Infected Machine: 4.3
Total Detections: 1,012,656
Infection Rate
Infected Machines: 233,325
16.8% Infected (233,325 Machines)
Clean Machines: 1,152,337
The chart above shows the infection rate across scans on machines currently installed with Webroot.
[Bar chart: Infected Machines: Critical Detections Found. Detections by type: Trojan 257,872; Rootkit 64,024; Rogue 36,275; Backdoor 21,975; Spyware 14,272; Ransom 6,835; Worm 3,968; Exploit 585]
The chart above highlights the type of detection that was identified and remediated on machines currently installed with Webroot.
Webroot : Specific Threats Found (Infected Machines)

Threat Categories

| Threat Categories | Detections | % of Total |
|---|---|---|
| Adware | 347,819 | 34.3% |
| Trojan | 257,872 | 25.5% |
| Generic | 95,625 | 9.4% |
| RiskwareTool | 65,676 | 6.5% |
| Rootkit | 64,024 | 6.3% |
| Hijacker | 60,094 | 5.9% |
| Rogue | 36,275 | 3.6% |
| Backdoor | 21,975 | 2.2% |
| Spyware | 14,272 | 1.4% |
| HackTool | 13,399 | 1.3% |
| MachineLearning/Anomalous | 13,034 | 1.3% |
| Ransom | 6,835 | 0.7% |
| CrackTool | 5,296 | 0.5% |
| Worm | 3,968 | 0.4% |
| CheatTool | 1,889 | 0.2% |
| Unknown | 1,289 | 0.1% |
| FraudTool | 1,176 | 0.1% |
| Heuristics | 772 | 0.1% |
| Exploit | 585 | 0.1% |
| Virus | 371 | 0.0% |
| Joke | 148 | 0.0% |
| PornTool | 98 | 0.0% |
| Legitimate | 40 | 0.0% |
| SpamTool | 33 | 0.0% |
| Bootkit | 25 | 0.0% |
| CryptTool | 22 | 0.0% |
| DDoS | 18 | 0.0% |
| VirTool | 8 | 0.0% |
| MisusedLegit | 6 | 0.0% |
| FileBinder | 6 | 0.0% |
| Hoax | 6 | 0.0% |
| Total | 1,012,656 | 100% |

Threat Variants

| Threat Variants | Detections | % of Total |
|---|---|---|
| Generic.Malware/Suspicious | 95,625 | 9.4% |
| Rootkit.Fileless.MTGen | 62,002 | 6.1% |
| Trojan.Kovter | 43,939 | 4.3% |
| Adware.Cmptch.Generic | 42,185 | 4.2% |
| Trojan.Fileless.MTGen | 42,167 | 4.2% |
| Adware.Yontoo | 36,269 | 3.6% |
| Adware.WinYahoo | 35,839 | 3.5% |
| Hijack.ControlPanelStyle | 33,357 | 3.3% |
| Rogue.SearchEncrypt | 20,624 | 2.0% |
| Trojan.Agent | 19,474 | 1.9% |
| Trojan.Floxif | 18,476 | 1.8% |
| Adware.Elex.ShrtCln | 18,443 | 1.8% |
| RiskWare.DontStealOurSoftware | 17,210 | 1.7% |
| Adware.MoboGenie | 15,719 | 1.6% |
| Backdoor.Agent.Generic | 13,069 | 1.3% |
| Trojan.BHO.Generic | 12,845 | 1.3% |
| Trojan.Emotet | 11,278 | 1.1% |
| RiskWare.IFEOHijack | 10,422 | 1.0% |
| RiskWare.BitCoinMiner | 9,621 | 1.0% |
| Adware.Elex | 8,648 | 0.9% |
| Adware.DNSUnlocker.ACMB2 | 7,893 | 0.8% |
| Adware.NeoBar | 7,786 | 0.8% |
| Adware.DNSUnlocker | 7,765 | 0.8% |
| MachineLearning/Anomalous.100% | 7,589 | 0.7% |
| Hijack.Host | 6,720 | 0.7% |
| Trojan.DNSChanger.ACMB2 | 6,150 | 0.6% |
| Hijack.FolderOptions | 5,725 | 0.6% |
| Trojan.Agent.Generic | 5,583 | 0.6% |
| Spyware.OnlineGames | 4,871 | 0.5% |
| Rogue.ForcedExtension | 4,724 | 0.5% |
| Adware.DealPly.Generic | 4,650 | 0.5% |
| Adware.QIPApp | 4,575 | 0.5% |
| Adware.Agent.Generic | 4,546 | 0.4% |
| Adware.Agent | 4,233 | 0.4% |
| Trojan.TrickBot | 4,078 | 0.4% |
| Adware.ChinAd | 3,882 | 0.4% |
| Adware.MultiPlug | 3,440 | 0.3% |
| Trojan.Floxif.Trace | 3,413 | 0.3% |
| Adware.GeniusBox | 3,373 | 0.3% |
| Spyware.TrickBot | 3,328 | 0.3% |
| Trojan.Agent.Trace | 3,221 | 0.3% |
| Adware.Adposhel | 3,179 | 0.3% |
| RiskWare.Tool.HCK | 3,140 | 0.3% |
| Trojan.MalPack | 3,094 | 0.3% |
| Adware.1ClickDownload | 3,080 | 0.3% |
| Trojan.Agent.VBS | 3,038 | 0.3% |
| Adware.InstallMonster | 3,025 | 0.3% |
| Adware.TryMedia | 3,015 | 0.3% |
| Trojan.BitCoinMiner | 2,958 | 0.3% |
Trojans continue to be highly prevalent and allow cyber-criminals to spy on systems, obtain confidential data, and gain backdoor access to systems.
Ransomware appears in relatively low volume. However, it represents a large portion of threats in the wild due to its crippling business impact and the likelihood that businesses will pay ransoms in the hope of decrypting their files. Typical remediation can effectively remove ransomware from a machine. However, the business's encrypted files will remain encrypted post-remediation (a key is required to decrypt the files). Malwarebytes provides modern remediation with ransomware rollback capabilities; however, this needs to be installed on machines prior to an attack in order to roll back the file encryption actions.
Webroot : Malware Velocity Board
Top 20 Malware by Detection Count: Webroot installed (Remediation + Real-Time Protection)

| Last 4 Hours | Yesterday | Last 7 Days |
|---|---|---|
| Generic.Malware/Suspiciou | Generic.Malware/Suspiciou | Generic.Malware/Suspiciou |
| Trojan.Emotet | Backdoor.Agent.Generic | Backdoor.Agent.Generic |
| Backdoor.Agent.Generic | MachineLearning/Anomalo | MachineLearning/Anomalo |
| RiskWare.BitCoinMiner | RiskWare.DontStealOurSof | RiskWare.DontStealOurSof |
| MachineLearning/Anomalo | Hijack.FolderOptions | Rootkit.Fileless.MTGen |
| Trojan.Agent | RiskWare.BitCoinMiner | Hijack.FolderOptions |
| RiskWare.DontStealOurSof | Rogue.SearchEncrypt | Rogue.SearchEncrypt |
| Trojan.BitCoinMiner | Rootkit.Fileless.MTGen | RiskWare.BitCoinMiner |
| Trojan.Dropper | RiskWare.IFEOHijack | RiskWare.IFEOHijack |
| Trojan.TrickBot.E | Spyware.OnlineGames | Backdoor.Bot |
| Adware.TryMedia | RiskWare.IPScan | MachineLearning/Anomalo |
| MachineLearning/Anomalo | MachineLearning/Anomalo | MachineLearning/Anomalo |
| Spyware.Ursnif | RiskWare.BrowserHistoryV | RiskWare.BrowserHistoryV |
| Adware.FusionCore | Hijack.Host | Spyware.OnlineGames |
| Adware.Appearch | MachineLearning/Anomalo | Hijack.Host |
| Rootkit.Fileless.MTGen | CrackTool.Agent | RiskWare.IPScan |
| Exploit.ShadowBrokers | Spyware.TrickBot | RiskWare.HeuristicsReserv |
| Heuristics.Shuriken | MachineLearning/Anomalo | MachineLearning/Anomalo |
| Adware.Sendori | RiskWare.HeuristicsReserv | Spyware.TrickBot |
| Adware.Yontoo | MachineLearning/Anomalo | RiskWare.ExtensionMismat |