New techniques and mechanisms make it hard for commercial products to detect them

Nov 9, 2011 18:31 GMT

Researchers revealed that a large number of previously unidentified pieces of malware are constantly targeting enterprise networks.

Palo Alto Networks security experts conducted a study in which they used their WildFire malware analysis engine to show how hundreds of samples that go undetected by most security solution vendors can compromise the integrity of a company's infrastructure.

The numbers reveal that during the three-month period in which the enterprise networks were analyzed, more than 700 malicious samples entered those networks from the internet, and more than half of them were not detected by any commercial product.

About 15% of the newly identified malware generated traffic between the victim devices and C&C servers which were probably controlled by hackers.

“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks. Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines,” said Wade Williamson, senior security analyst at Palo Alto Networks.

“The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS and URL filtering are used today.”

The research also found that zero-day malware was distributed not only through web browsing and email traffic but also through other web applications.

“It's important to note this, because many enterprises only inspect email or FTP traffic for malware but do not have the ability to scan other applications. Applications that tunnel within HTTP or other protocols can carry malware that will be invisible to a traditional anti-malware solution,” Williamson added.

Another interesting result concerns how phishing delivery has evolved lately. It turns out that even web-based file hosting and webmail applications are used by cybercriminals to serve their malicious software.