Majority of malware too fast for antivirus, according to Palo Alto research

Tomorrow, Palo Alto Networks will release details of a malware study conducted using its WildFire technology. The findings suggest AV vendors are falling further behind in detecting new threats.

That a firewall vendor would question the effectiveness of AV vendors is hardly surprising. That's what competitors do. But the raw data interested me enough to mention here.

Using its new WildFire firewall service, the vendor identified over 10,000 unique samples of malware, of which 57 percent had no coverage by any antivirus vendor at the time of discovery. Fifteen percent generated unknown traffic on the network.

Among other findings:

• Seven percent of unknown files encountered in the wild were malware.

• Of those malicious files, 57 percent had no coverage by any AV vendor at the time the malware was discovered by WildFire.

• AIM-Mail and Hotfile had very high rates of targeted malware, with malware outnumbering clean files by 10 to 1.

• These applications showed polymorphism, where infecting files with the same name were updated every 3 to 6 days in order to avoid AV signatures.

• Overall, email protocols still had the highest overall volume of delivered malware.

• These applications will often require multiple levels of decoding in order to see the infecting file and would likely be missed without App-ID.

• Fifteen percent of newly discovered malware were found to generate unknown traffic signatures.
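The polymorphism finding above (same filename, new content every few days) is something a defender can look for in their own download logs without waiting for an AV signature. The following is an added illustration, not code from Palo Alto Networks or from the study: it groups observed downloads by application and filename, collapses repeated identical hashes into distinct versions, and flags files whose content keeps changing at short intervals. The log records, application names and hash values are constructed for the example.

```python
"""Flag files whose content churns under a stable filename (an added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample download records: (ISO timestamp, application, filename, hash).
# These values are made up for illustration; they are not data from the study.
SAMPLE_DOWNLOADS = [
    ("2011-11-01T09:12:00", "hotfile", "invoice.exe", "aaaa1111"),
    ("2011-11-04T14:03:00", "hotfile", "invoice.exe", "bbbb2222"),
    ("2011-11-08T11:47:00", "hotfile", "invoice.exe", "cccc3333"),
    ("2011-11-13T16:30:00", "hotfile", "invoice.exe", "dddd4444"),
    ("2011-11-01T08:00:00", "smtp", "report.pdf", "eeee5555"),
    ("2011-11-20T08:00:00", "smtp", "report.pdf", "eeee5555"),  # same content, benign churn
    ("2011-11-02T10:00:00", "aim-mail", "photo.scr", "ffff6666"),
    ("2011-11-05T10:00:00", "aim-mail", "photo.scr", "0000aaaa"),  # only two versions seen
    ("not-a-timestamp", "smtp", "broken.exe", "12345678"),  # malformed row, dropped
]


def parse_records(rows):
    """Convert raw tuples into dicts with a real datetime, skipping malformed rows."""
    out = []
    for ts, app, name, digest in rows:
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # a bad timestamp must not abort the whole analysis
        out.append({"when": when, "app": app, "name": name, "sha256": digest})
    return out


def find_churning_files(records, min_versions=3, max_gap_days=7.0):
    """Return, per (app, filename), the hash history of files that keep changing.

    A file is reported when at least `min_versions` distinct hashes were seen
    under the same name and no two consecutive versions are more than
    `max_gap_days` apart, which matches the "updated every few days" pattern.
    """
    by_key = defaultdict(list)
    for rec in records:
        by_key[(rec["app"], rec["name"])].append(rec)

    findings = {}
    for key, hits in by_key.items():
        hits.sort(key=lambda r: r["when"])
        # Collapse runs of identical hashes; keep when each new version first appeared.
        versions = []
        for rec in hits:
            if not versions or versions[-1][1] != rec["sha256"]:
                versions.append((rec["when"], rec["sha256"]))
        if len(versions) < min_versions:
            continue
        gaps = [
            (later[0] - earlier[0]).total_seconds() / 86400
            for earlier, later in zip(versions, versions[1:])
        ]
        if max(gaps) <= max_gap_days:
            findings[key] = {
                "versions": len(versions),
                "hashes": [digest for _, digest in versions],
                "mean_gap_days": round(sum(gaps) / len(gaps), 2),
            }
    return findings


if __name__ == "__main__":
    for (app, name), info in find_churning_files(parse_records(SAMPLE_DOWNLOADS)).items():
        print(f"{app}/{name}: {info['versions']} versions, "
              f"mean {info['mean_gap_days']} days between updates, hashes {info['hashes']}")
```

On the constructed input only `hotfile/invoice.exe` is reported: `report.pdf` has a single hash across two downloads, and `photo.scr` has not yet reached the version threshold. The thresholds are tunable assumptions; the point is that hash churn under a constant filename is observable locally, independently of whether any vendor has a signature yet.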

--Bill Brenner
