Yet another study has found that traditional antivirus solutions are not identifying the vast majority of malware infecting networks via real-time applications such as web browsing.
The review, Palo Alto Networks' Modern Malware Review, found that 26,000 different malware samples went completely undetected by existing antivirus systems on networks monitored by the firm's WildFire malware analysis service.
More importantly, the study found that 94% of the fully undetected malware found on networks was delivered via web browsing or web proxies.
Researchers noted that 70% of malware left identifiers in their traffic or payload that could be used by security teams for detection, while 40% of seemingly unique malware is actually repackaged versions of the same code.
In another key finding, the study identified FTP (File Transfer Protocol) as a highly effective method for introducing malware to a network, with 95% of malware delivered via FTP going undetected for more than 30 days.
The study also found that modern malware is highly adept at remaining undetected on a host device.
The review identified 30 different techniques for evading security and more than half of all malware behaviours studied were focused on remaining undetected.
“It’s not enough to simply detect malware out there that is evading traditional security; enterprises should come to expect more comprehensive prevention from their suppliers,” said Wade Williamson, senior research analyst, Palo Alto Networks.
“That’s what the Modern Malware Review is signaling – analysing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed,” he said.
The review provides recommended policies that can help security managers better protect their networks against malware attacks.
For example, by knowing that much of the seemingly unique malware is simply repackaged versions of the same code, such as Zeus botnet variants, security teams can use the indicators that survive repackaging (identifiers in the traffic or payload) to recognise it and create security policies that automatically block it.
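The following is an added example, not code from the review or from Palo Alto Networks, showing the workflow the paragraph describes: run indicator matching over web-proxy logs, notice that two samples with different payload hashes share the same traffic identifiers (a fixed User-Agent string and a C2 URL path pattern), and turn those hits into a block policy built on the identifiers rather than the hashes. The log format, the indicator family `repack-A`, its regexes, the hosts and the sample lines are all constructed for illustration and are not real Zeus or WildFire signatures.

```python
"""Indicator-based detection over constructed web-proxy log lines.

Added example; the indicators, log format and sample lines are constructed
for illustration and are not real signatures.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log format:  ts src_ip METHOD url "user_agent" sha256_of_body_or_-
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'"(?P<ua>[^"]*)" (?P<sha256>[0-9a-f]{64}|-)$'
)

# Hypothetical indicator family: identifiers that a repackaged family keeps
# in its traffic even though every build has a different payload hash.
INDICATOR_FAMILIES = {
    "repack-A": {
        "user_agent": re.compile(r"^UpdaterAgent/1\.\d+$"),      # hard-coded UA
        "url_path": re.compile(r"/gate/[0-9a-f]{8}\.php$"),      # C2 check-in path
    },
}
FIELD = {"user_agent": "ua", "url_path": "path"}  # indicator name -> event field

# Constructed sample log: benign browsing, two repackaged samples with
# different hashes and C2 hosts, one weak hit, and one malformed line.
SAMPLE_LOG = [
    '2013-03-27T10:00:01Z 10.0.0.12 GET http://news.example/index.html "Mozilla/5.0" -',
    '2013-03-27T10:00:05Z 10.0.0.12 POST http://c2-a.example/gate/1a2b3c4d.php '
    '"UpdaterAgent/1.0" ' + "11" * 32,
    '2013-03-27T10:01:10Z 10.0.0.33 POST http://c2-b.example/gate/9f8e7d6c.php '
    '"UpdaterAgent/1.2" ' + "22" * 32,
    '2013-03-27T10:02:00Z 10.0.0.45 GET http://cdn.example/lib.js "UpdaterAgent/1.0" ' + "33" * 32,
    'garbage line that does not parse',
]


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    parts = urlsplit(ev["url"])
    ev["host"] = parts.hostname
    ev["path"] = parts.path
    return ev


def detect(lines, min_indicators=2):
    """Match every event against each indicator family.

    An event counts as a high-confidence hit only when at least
    `min_indicators` identifiers match; a single generic identifier
    (here, the User-Agent alone) is recorded as a weak hit, not blocked on.
    """
    results = defaultdict(lambda: {"hashes": set(), "hosts": set(),
                                   "sources": set(), "weak_hits": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for family, indicators in INDICATOR_FAMILIES.items():
            matched = [name for name, rx in indicators.items()
                       if rx.search(ev[FIELD[name]])]
            if not matched:
                continue
            r = results[family]
            if len(matched) >= min_indicators:
                if ev["sha256"] != "-":
                    r["hashes"].add(ev["sha256"])
                r["hosts"].add(ev["host"])
                r["sources"].add(ev["src"])
            else:
                r["weak_hits"] += 1
    return dict(results)


def build_block_policy(results):
    """Turn high-confidence hits into a block policy keyed on the traffic
    identifiers (C2 hosts, User-Agent pattern), not on payload hashes,
    because repackaging changes the hash but not the identifiers."""
    policy = []
    for family, r in results.items():
        if not r["hosts"]:
            continue
        policy.append({
            "family": family,
            "block_hosts": sorted(r["hosts"]),
            "block_user_agent": INDICATOR_FAMILIES[family]["user_agent"].pattern,
            "payload_hashes_seen": len(r["hashes"]),
            "infected_sources": sorted(r["sources"]),
        })
    return policy


if __name__ == "__main__":
    for rule in build_block_policy(detect(SAMPLE_LOG)):
        print(rule)
```

The point of the `payload_hashes_seen` field is the one the review makes: two distinct hashes were seen for one family, so a hash-only blocklist would have missed the second build while the host and User-Agent rules catch both. The `min_indicators` threshold is a design choice to keep a single generic identifier from producing false positives; in practice, tune it per family.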