{"id":11051,"date":"2012-05-08T22:50:59","date_gmt":"2012-05-09T02:50:59","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=11051"},"modified":"2022-08-26T16:26:27","modified_gmt":"2022-08-26T20:26:27","slug":"unknown-malware-rampant-in-enterprise-networks-2","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/unknown-malware-rampant-in-enterprise-networks-2\/","title":{"rendered":"Unknown Malware Rampant in Enterprise Networks"},"content":{"rendered":"

\"Unknown<\/a>Unknown malware plague enterprise networks<\/strong> according to network security<\/a> company Palo Alto<\/strong> Networks<\/a>. Help Net Security<\/em> reports<\/a> that Palo Alto Networks found hundreds of unique, previously unknown malware samples<\/strong> on live networks. Palo Alto Networks conducted the research with their new WildFire malware analysis engine<\/strong><\/a>.<\/strong><\/p>\n

\"\"<\/a><\/em>DarkReading<\/em><\/a> says that the cloud-based WildFire analysis engine found that seven percent of all unknown files analyzed contained malware<\/a>. WildFire is a new service recently announced by Palo Alto Networks that integrates in-line firewalling with automated cloud-based malware analysis<\/a>. Over a three-month period of analyzing unknown files from the Internet entering enterprise networks,the firm discovered more than 700 unique malware samples, 57 percent of which had no coverage by any antivirus<\/a> service or were unknown by Virus Total<\/a> at the time of discovery. Out of all the new malware identified, 15 percent also generated malicious or unknown outbound command and control traffic.<\/p>\n

The firewalls identify unknown and potentially malicious files by executing them in a virtual cloud-based<\/a> environment to expose malicious behavior even if the malware<\/a> has never been seen in the wild before. Wade Williamson, Senior Security Analyst at Palo Alto Networks says, “WildFire is taking sandbox technology out of the lab and applying it to a real product … customers can detect and protect themselves against malware using the hardware that they already have deployed today.”<\/p>\n

\"automaticallyFor malicious files, Palo Alto Networks<\/a> automatically generates new signatures for both the file itself and for any traffic generated by the malicious file. These signatures are then distributed with regular signature updates, as well as providing the user with actionable analysis of exactly how the malware behaves, who was targeted, and what application delivered the threat.<\/p>\n

“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks,” the Senior Security Analyst said. “Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines. The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS<\/a> and URL filtering<\/a> are used today.<\/em>”<\/p>\n

\"Malware\"<\/a>Palo Alto Networks found that a variety of web applications distributed zero-day malware, in addition to the traditional HTTP<\/a> web-browsing and email traffic commonly associated with malware distribution. WildFire was able to identify specific phishing campaigns based on their affinity for particular applications. One attacker used AOL Mail<\/a> and another used the Hotfile<\/a> file hosting service<\/a> as the delivery vector.<\/p>\n

It’s important to note this because many enterprises only inspect email or FTP traffic for malware but do not have the ability to scan other applications. Applications that tunnel within HTTP or other protocols can carry malware that will be invisible to a traditional anti-malware solution,<\/em>” said Williamson. “These are examples of the big reasons why a lot of malware gets missed – most enterprises only focus on scanning their corporate email application. To control this problem we need to expand our view to other applications, pull the traffic apart, and go a level deeper in to find out if there’s a file transfer happening.<\/em>”<\/p>\n

Related articles<\/h6>\n