Internet Security Hass and Associates Reviews: 90% of Unknown Malware

aleenia mortiania on 13 May 13

90% of unknown malware is delivered via the web

A new study of malware takes an unusual approach: instead of analyzing known malware, it analyzes the unknown malware that traditional defenses miss, and finds that 90% of it is delivered from the web rather than via email.

The study, The Modern Malware Review, was undertaken by Palo Alto Networks, drawing on data from more than 1000 enterprise customers that use its WildFire firewall option. WildFire analyzes unknown files, that is, files that are neither whitelisted nor blacklisted. Of those unknown files, the ones that turned out to be unknown malware are what the study analyzed: some 26,000 samples over a period of 3 months.

90% of the undetected malware is delivered via web browsing, implying that traditional AV is better at detecting email-borne viruses. In fact, it takes AV companies four times as long to detect web malware as it does to detect email malware (20 days rather than 5 days).

Source: http://www.liveleak.com/view?i=603_1364710455

There are several reasons for this. Firstly, since email malware tends to be sent to multiple targets, there are multiple copies waiting to be found in mailboxes and analyzed. "However a potentially more significant factor," says the report, "is that web-based malware easily leverages server-side polymorphism." Put simply, the malware is frequently and rapidly re-encoded to avoid detection, "which vastly reduces the likelihood that AV vendors will be able to capture the sample and create a signature."

FTP was found to be particularly risky. The FTP malware samples are more likely to be unique (94% were seen only once), are often missed by the AV industry (95% were never covered), and are port-independent (97% used only non-standard ports). "It was the 4th most common source of unknown malware, the malware it delivered was rarely detected... and almost always operated on a non-standard port."
The malware samples were found to make significant efforts at avoiding detection.