Bulk of “Unidentified” Malware Delivered to Systems through Web-based Attacks

The lot of "unidentified" malware is transported through Web-based attacks, proxies and FTP sessions, as per the study, called as "The Modern malware Review" launched recently by security firm Polo Alto Networks.

The study drawn on the base of data from an access of 1000 enterprise customers confronted with more than 26,000 malware samples, and directed on what the firm calls unidentified and unrecognized spam samples that got past other anti-malware system.

The discovery of the report says that 90% of the unidentified malware is transported through web browsing, showing that domestic AV is superior at finding email-borne viruses, actually, for AV Companies, it is four times as long to catch web malware as it does to find email malware (20 days rather than 5 days).

Various underlying reasons held true for this. Firstly, as email malware seems to be sent too many targets, there are many instances waiting to be investigated in mailboxes and processes. "Nevertheless, a potentially more important factor," claims that the report, "is that web-based malware smoothly leverages server-side polymorphism." In other words, the malware is continuously and hurriedly re-encoded to neglect identification, "which greatly decreases the occurrence that AV vendors will be capable to grab the sample and make a mark.

Luckily, the report named FTP-based exploits "among the most efficient and evasion sources of malware;" 94% of FTP samples were the sole to see while 95% were never observed by anti-virus and 97% used non standard ports to compromise system.

"FTP had the shameful differentiation of being both an ordinary source of unidentified malware also as one of the sources that hardly obtained any coverage," as per the report. To overcome growing threats, wade Williamson, senior security Analyst at Polo Alto network; also do a better of recognizing types of bogus malware, as printed by scmagazine.com dated March 27, 2013.

"We have got to do a better job of just viewing the file name, URL or the hash value, " he said. "We have got to be able to get some of those types so we are not reanalyzing the some versions of malware with same disguise".

Related article: Blogs With Malware Make Them Risky

» SPAMfighter News - 4/4/2013