
Study: Signature-based antivirus can't stop polymorphic malware, unknown malcode

Hillary O’Rourke, Contributor

New polymorphic malware discovered in the wild has an increasingly short shelf life, rendering signature-based antivirus protection largely ineffective against today’s attacks, a new study by Palo Alto Networks shows.

The Santa Clara, Calif.-based network security company used its new cloud-based virtual sandbox service called WildFire to analyze traffic moving through beta sites and its collection of honeypots on the Internet. The study determined that 7% of unknown files encountered in the wild are actually malware and that, of those malicious files, 57% had no coverage by antivirus signatures.

“The problem is that attackers have figured out that if they really want to get in a network, they’ll attack it with something that’s never been used before,” said Wade Williamson, senior threat analyst at Palo Alto Networks.

Most of the polymorphic malware discovered was being updated every three to six days in order to avoid signature-based antivirus, Palo Alto said. Using WildFire, researchers were able to collect data throughout Europe, Asia and the United States and were able to analyze more than 10,000 unique samples of malware.

“What’s interesting,” said Williamson, “is that of all of the sites we looked at, all had unknown malware.”

WildFire, a free add-on to Palo Alto firewalls, examines outbound traffic in a cloud-based virtual sandbox for suspicious behavior, which is blocked and eventually addressed with a new signature.

“Not only is it new and interesting technology, but it’s actually deployable,” Williamson said. “It makes it a really reasonable way to tackle this problem.”

