New polymorphic malware discovered in the wild has an increasingly short shelf life, rendering signature-based antivirus protection largely ineffective against today's attacks, a new study by Palo Alto Networks shows.
The Santa Clara, Calif.-based network security company used its new cloud-based virtual sandbox service, called WildFire, to investigate traffic moving through beta sites and its selection of honeypots on the web. The study determined that 7% of unknown files currently encountered in the wild are malware and that, of these malicious files, 57% had no coverage by antivirus signatures.
"The problem is that attackers have discovered that in the event that they actually need to get in a network, they'll attack it with something that's never been used before," said Wade Williamson, senior threat analyst at Palo Alto Networks.
Most of the polymorphic malware discovered was being updated every three to six days to avoid signature-based antivirus, Palo Alto said. Using WildFire, researchers were able to collect data throughout Europe, Asia and the USA and to analyze more than 10,000 unique samples of malware.
"What's interesting," said Williamson, "is that of each of the sites we checked out, all had unknown malware."
WildFire, a free add-on to Palo Alto firewalls, examines outbound traffic in a cloud-based virtual sandbox for suspicious behavior, which is blocked and eventually addressed with a new signature.
"Not only is it new and fascinating technology, but it's actually deployable," Williamson said. "It makes it an incredibly reasonable method to tackle this problem."