Symantec Monday updated its DeepSight Threat Management System to provide customers with warnings of attacks specifically targeting their Internet domains.
The long-running vulnerability and exploit warning service will move up to version 7.0 later this month to account for the increasing number of narrow-cast attacks, said Dee Liebenstein, group program manager for DeepSight.
"The threat landscape is changing," Liebenstein said. "We haven't seen the kind of [massive] outbreaks as in past years, but we have seen an increase in the total number of attacks. The increase is coming from targeted attacks done for financial gain."
Most security vendors have noted similar findings: that the drop in large-scale events in the league of, say, MSBlast or Zotob, is due to attackers conducting more one-on attacks against specific companies or Web sites.
Lots of current DeepSight users, said Liebenstein, are using its research database to find those threats targeting their domains, so this move is not so much leading as following customers. "They're querying the database looking for those types of worms and backdoors, but with the volumes of malicious code, that's difficult. So we're now going to proactively alert them."
The new feature doesn't examine Net traffic patterns to determine targets, but instead looks inside malware to find the Internet domains embedded in the code. It may not be a perfect solution, Liebenstein said, but it's a start.