Network security study reveals 26,000 undetected malware samples

A two-month study has identified 26,000 unique malware samples that were completely undetected by existing anti-virus solutions.

The study by Palo Alto Networks found that web-based malware stays hidden for an average of 20 days before being detected, as opposed to five days for email-based malware, while 94 per cent of the undetected malware was delivered via web browsing or web proxies.

According to the company report, malware samples were collected in live enterprise networks from its WildFire malware protection. As part of its normal analysis, it tested malware samples collected by WildFire against fully updated anti-virus products from six industry-leading enterprise anti-virus vendors.

The report said: “The intent is not to point out that some malware gets by traditional anti-virus, but rather to provide actionable insight into the problem – what malware strategies are the most successful, why, and how can security teams respond.”

Wade Williamson, senior research analyst at Palo Alto Networks, said: “It's not enough to simply detect malware out there that is evading traditional security. Enterprises should come to expect more comprehensive prevention from their vendors. That's what the Modern Malware Review is signalling – analysing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed.”

In its recommendations, it said that the data shows that web-based applications are significantly more successful at both avoiding traditional anti-virus and remaining unknown for extended periods of time, and advised security teams to expect and be prepared to enforce at the network by not only incorporating anti-malware technologies in new places, but also to do it at new speeds.

It also recommended expecting unknowns, and add the ability to definitively identify malware; do real-time detection and blocking whenever possible; and enforce user and application-based controls on applications that can transfer files.

“Our analysis shows that of the more than 26,000 malware samples analysed, 70 per cent retained distinct identifiers or behaviours that can be useful for real-time control and blocking,” the report said.

Sign up to our newsletters