Enterprises Suffer from Bot-infected Systems Despite Updated Security Software

According to a recent research by security company Damballa, around 3-5% of all computers in an organization are bot-infected PCs despite the enterprises is maintaining up-to-date anti-malware solutions.

The experts state that the failure of company-standard antivirus to detect 20%-70% of freshly flowing threats such as common Trojan assaults and targeted attacks is partly responsible for the infection.

The company also discovered that the antivirus solutions could instantly capture only 53% of the malware items, while 32% were detected after a certain period of time and the rest 15% weren't intercepted at all. Moreover, the average time lag in interception and subsequent rectification was 54 days.

Bill Guerry, Vice President of Product Management and Marketing, Damballa, states that it is not just that the enterprises are not able to detect compromised systems with the installed AV solutions over a 54-day period, but they are also unable to repair the infected system, as reported by PRNewswire on March 2, 2009.

Elucidating on the low rate of detection, the security researchers said this is because the technique of detecting signature-based malicious programs used by majority of antivirus solutions to capture the malware. Other threats like zero-day malware, custom malware, and targeted attacks largely escape detection by these signature-based AV, the researchers said.

Moreover, Damballa has further noticed that there exists several hundred different botnets apart from Conficker or Storm that Guerry says have less impact on business organizations.

The security specialists also said the prime objective of botnets is to seize data while the targeted attacks via bot-infected systems cause the maximum damage and are the hardest to detect. Further, the malware responsible for such attacks has overpowered signature-based defenses and other enterprise AV solutions, in terms of speed of attack vs. response by anti-malware tools, the specialists commented.

In conclusion, Damballa experts stated that the gap between modern malware and similar antivirus software is the reason why the bot problem is so pronounced in today's enterprises.

Related article: Enterprising Hackers Commercialize Their Activities

» SPAMfighter News - 3/7/2009