Internet Security Hass and Associates Reviews: 90% of Unknown Malware

Posted in the Jackson-Heights Forum


Brooklyn, NY

#1 Mar 30, 2013
90% of unknown malware is delivered via the web
A new study of malware takes an unusual approach – instead of analyzing known malware, it analyzes the unknown malware that traditional defenses miss; and finds that 90% is delivered from the web rather than via emails.
The study, The modern malware review, was undertaken by Palo Alto Networks drawing on data from more than 1000 enterprise customers that use its WildFire firewall option. WildFire analyzes unknown files; that is, files that are neither whitelisted nor blacklisted. It is the unknown files that turned out to be unknown malware that have been analyzed: some 26,000 samples over a period of 3 months.
90% of the undetected malware is delivered via web browsing, implying that traditional AV is better at detecting email-borne viruses. In fact, it takes AV companies four times as long to detect web malware as it does to detect email malware (20 days rather than 5 days).
There are several reasons for this. Firstly, since email malware tends to be sent to multiple targets, there are multiple incidences waiting to be found in mailboxes and analyzed. “However a potentially more significant factor,” says the report, “is that web-based malware easily leverages server-side polymorphism.” Put simply, the malware is frequently and rapidly re-encoded to avoid detection, “which vastly reduces the likelihood that AV vendors will be able to capture the sample and create a signature.”
FTP was found to be particularly risky. The FTP malware samples are more likely to be unique (94% were seen only once), are often missed by the AV industry (95% were never covered), and are port-independent (97% used only non-standard ports). “It was the 4th most common source of unknown malware, the malware it delivered was rarely detected... and almost always operated on a non-standard port.”
The malware samples were found to make significant efforts at avoiding detection. “52% of observed malware behaviors focused on evading security or analysis, compared to only 15% focused on hacking and data theft.” The most common evasion technique is the ‘long sleep’. Code injection is another evasion technique, notable “because it allows malware to hide within another running process.” It is consequently invisible in the Task Manager, and can also foil some attempts at whitelisting on the host.
Nevertheless, the report suggests that 70% of this unknown malware shows indicators in the payload or traffic that could aid identification. Suspicious traffic is one of the biggest indicators – a behavior perhaps more easily detected by a firewall than anti-virus software. For example, “33% of the samples connected to new domains, DNS or fast-flux”, which lends itself to blocking. Similarly, 20% of the samples generated emails. “Network policy,” says the report, “should only allow email protocols to and from the corporate mail server, and block direct email to the Internet.”
Just detecting this unknown malware is not enough. The purpose of this review is to give the enterprise the information it needs to be more proactive. “Analyzing undetected malware in real networks,” said Wade Williamson, senior research analyst at Palo Alto Networks, “has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed.”
Some tips for you to know about:
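
The report's email egress recommendation and its FTP non-standard-port finding, both quoted above, can be checked against firewall flow logs. The following is an added example, not part of the original post or the Palo Alto Networks report; the log layout, internal range, mail server address and sample flows are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions for this example (not from the report): internal range,
# mail server address, and a "time,src,dst,dport,app" flow-log layout
# where "app" is the protocol the firewall identified from the traffic.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVER = ipaddress.ip_address("10.0.0.25")
SMTP_PORTS = {25, 465, 587}
FTP_CONTROL_PORT = 21

# Constructed sample flows; external addresses are documentation ranges.
SAMPLE_LOG = """\
2013-03-30T09:00:01,10.0.0.25,198.51.100.7,25,smtp
2013-03-30T09:00:05,10.0.4.17,203.0.113.9,25,smtp
2013-03-30T09:01:12,10.0.4.17,203.0.113.9,443,ssl
2013-03-30T09:02:40,10.0.7.88,192.0.2.44,2121,ftp
2013-03-30T09:03:02,10.0.7.90,192.0.2.50,21,ftp
2013-03-30T09:04:30,10.0.9.3,198.51.100.80,8025,smtp
2013-03-30T09:05:00,10.0.9.3,10.0.0.25,25,smtp
"""

def classify(src, dst, dport, app):
    """Return a finding label for one flow, or None if it is in policy."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
        return None  # only internal -> Internet flows are in scope
    # Match on identified protocol as well as port, so mail on an odd port counts.
    is_mail = app == "smtp" or dport in SMTP_PORTS
    if is_mail and src_ip != MAIL_SERVER:
        return "direct-email-egress"
    if app == "ftp" and dport != FTP_CONTROL_PORT:
        return "ftp-nonstandard-port"
    return None

def scan(log_text):
    """Return (time, src, dst, dport, finding) for every flagged flow."""
    findings = []
    for time, src, dst, dport, app in csv.reader(io.StringIO(log_text)):
        label = classify(src, dst, int(dport), app)
        if label:
            findings.append((time, src, dst, int(dport), label))
    return findings

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(*row)
```
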
