Monday, November 7, 2011

Palo Alto Networks Warns that Unknown Malware is Rampant in Enterprises

Palo Alto Networks warned that previously unknown malware is a present danger to enterprise networks.

Using its new WildFire malware analysis engine, the company has uncovered hundreds of unique, previously-unknown malware samples on live networks. In fact, Palo Alto Networks reports that every network tested with WildFire's virtualized sandbox technology uncovered instances of real-world attacks from malware that was previously unknown to the security industry.

"I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks," said Wade Williamson, Senior Security Analyst at Palo Alto Networks. "Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines. The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS and URL filtering are used today."

Some key points:

Phishing campaigns are branching out to new applications, such as web-based file hosting and webmail applications, to deliver their malware.

Over a three month period of analyzing unknown files from the Internet entering enterprise networks, more than 700 unique malware samples were discovered, 57 percent of which had no coverage by any antivirus service or were unknown by Virus Total at the time of discovery. Out of all of the new malware identified, 15 percent also generated malicious or unknown outbound command and control traffic.

Zero-day malware is being distributed by a wide variety of web applications, in addition to the traditional HTTP web-browsing and email traffic commonly associated with malware distribution.

See also