Global Threat Watch Levels
ESG's Global Threat Watch reflects the level of malware activity on the Internet. We use a threat ranking system based on reports from various sources, such as data collected and analyzed through our Malware Research Center.
Below are the threat levels, listed from low to extreme, and how each level is defined. For more on how a particular program is classified as malware and assigned a threat level, visit our Threat Assessment Model.
Threat Level 1: Low

Threat level 1 means the program poses little or no real threat.
- Minimal activity has been reported.
- Threat potential is greatly mitigated if the affected programs are patched.
- Displays characteristics of a potentially unwanted program (PUP): able to negatively affect or change the system and collect or transfer non-vital data, e.g. information about your computer. Removal may be as simple as uninstalling the program.
- Exploitation requires manual steps (for example, changing obscure settings), so the threat potential is low in practice.
- The threat is localized and isolated to one particular group of people; it is very small, targeted and thus contained.
Threat Level 2: Medium

Threat level 2 means the program can negatively affect the user's Internet experience. Exploit code may have been published, elevating the threat potential.
- Changes browser settings to allow an annoying number of pop-up windows.
- Collects non-invasive data and attempts to transfer the results to one or more remote servers.
- Installs components without seeking user permission.
- Offers a vague or incomplete end-user license agreement (EULA) to mislead the user and conceal its true intent.
- If an uninstall option is offered, it does not work; instead it feigns the process while the program remains resident in memory.
Threat Level 3: High

Threat level 3 means the program threatens the security of vital data stored in the browser or on the hard drive and disrupts normal use of the system.
- Able to present forged SSL certificates.
- Reconfigures the system without user permission, including installation of malicious components and changes to the Windows Registry.
- Collects both non-invasive and invasive (vital) data, encrypts it and attempts to transfer the results to one or more remote servers.
- No EULA is shown during the download and installation process.
- Displays surmountable pop-up advertisements.
- Hijacks the browser and routes the victim (PC user) to unwanted URLs, mainly to generate click-fraud revenue, but also to websites that promote the purchase of a rogue security program or that host malware delivered by drive-by download.
- Uses a rootkit that makes it difficult to remove with weaker removal tools.
- Opens a backdoor that gives an attacker remote access, and participates in distributed denial-of-service (DDoS) attacks.
- Can deactivate weaker security measures and disable administrative controls, making removal attempts difficult.
Threat Level 4: Extreme

Threat level 4 means no patch is immediately available, which elevates the threat potential: vulnerable or poorly protected systems will most likely be attacked or exploited. The malware can crash the system and damage the PC, possibly causing loss of data (personal and program).
- Malicious code execution can occur without user interaction.
- Can override user control and alter system configuration, including installing software, without the user's knowledge or permission. Installed components can be backdoors, keyloggers, dialers, etc.
- Can not only steal vital data but also capture financial data, including data being entered into web-based forms.
- Can resist uninstallation procedures and repeatedly reload itself from memory until aggressively removed.
- Uses a rootkit to block weaker removal attempts, especially since weaker antivirus tools cannot inspect the kernel, BIOS or Master Boot Record (MBR), where such malware hides.
- Can open a backdoor that gives an attacker remote access and allows the computer to be turned into a bot, draining system resources in a denial-of-service attack.
- Can hijack the browser and do the following:
  - Reroute to sites encouraging click fraud
  - Reroute to sites promoting the purchase of a rogue security program
  - Reroute to sites engaging in drive-by attacks that download malware without user interaction
  - Change the home page to an arbitrary search engine page encouraging click fraud, so that whenever a link is clicked the cybercriminal receives pay-per-click revenue
While some malware threats can be mitigated by keeping software updated and patched, most require tighter security measures: installing an antimalware solution and following common safety guidelines when using the Internet. Be proactive rather than waiting until the damage is already done and you are left staring at a blank screen or worrying about how to save or retrieve your valuable data.