Web and FTP top malware risks, study finds

Study finds traditional antivirus solutions not identifying the majority of malware infecting networks via real-time applications such as browsing

Yet another study has found that traditional antivirus solutions are not identifying the vast majority of malware infecting networks via real-time applications such as web browsing.

But the Modern Malware Review by Palo Alto Networks claims to be the first industry report to examine the behaviour of unknown malware throughout its entire lifecycle.

The review found that 26,000 different malware samples were completely undetected by existing antivirus systems on networks monitored by the firm’s WildFire malware analysis service. 

More importantly, the study found that 94% of the fully undetected malware found on networks was delivered via web browsing or web proxies.

Researchers noted that 70% of malware left identifiers in its traffic or payload that security teams could use for detection, while 40% of seemingly unique malware actually consists of repackaged versions of the same code.

In another key finding, the study identified FTP (File Transfer Protocol) as a highly effective method for introducing malware to a network, with 95% of malware delivered via FTP going undetected for more than 30 days.

The study also found that modern malware is highly adept at remaining undetected on a host device. 

The review identified 30 different techniques for evading security, and more than half of all malware behaviours studied were focused on remaining undetected.

“It’s not enough to simply detect malware out there that is evading traditional security; enterprises should come to expect more comprehensive prevention from their suppliers,” said Wade Williamson, senior research analyst, Palo Alto Networks.

“That’s what the Modern Malware Review is signaling – analysing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed,” he said.

The review provides recommended policies that can help security managers better protect their networks against malware attacks. 

For example, by knowing that the majority of malware is simply repackaged versions of the same code, such as Zeus botnets, security teams can use a variety of indicators to identify it and create security policies that can automatically block it.
