26 Mar 2013

Web-Delivered Malware Harder to Detect than E-mail Threats


Web-based threats evade traditional security solutions more easily than spammed malware does, according to The Modern Malware Review, a study by Palo Alto Networks.

Palo Alto Networks found that some 90 percent of “fully undetected” or unknown malware reaching users’ systems originates from the web, while only 2 percent is delivered via e-mail in spam campaigns.

"An overwhelming volume of unknown malware comes from web-based sources, and traditional AV products fare much better at protecting against malware delivered via email," Palo Alto Networks said.

The report finds that web servers distributing malware use server-side polymorphism to deliver a unique sample to each target and so avoid detection, whereas malicious samples pushed via e-mail are sent in bulk, which lets antivirus products collect multiple copies, analyze them and block them. This explains the disproportionate success of web-based samples compared with spammed ones.
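The contrast described above can be seen from the defender's side in delivery logs. The following is an added example, not taken from the report: it counts how often each file hash is seen and flags download sources whose files almost never share a hash. The record layout, the function names, the thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed delivery records: (channel, source, file_hash, recipient).
# Hashes are shortened, made-up values; hosts use the reserved .example TLD.
RECORDS = [
    ("email", "invoice.zip", "a1f3", "alice"),
    ("email", "invoice.zip", "a1f3", "bob"),
    ("email", "invoice.zip", "a1f3", "carol"),
    ("web", "http://files.example/update.exe", "77c0", "alice"),
    ("web", "http://files.example/update.exe", "9be2", "bob"),
    ("web", "http://files.example/update.exe", "04d8", "carol"),
    ("web", "http://cdn.example/setup.exe", "5e5e", "alice"),
    ("web", "http://cdn.example/setup.exe", "5e5e", "bob"),
    ("web", "http://cdn.example/setup.exe", "5e5e", "dave"),
]


def hash_prevalence(records):
    """How many deliveries carried each file hash."""
    return Counter(file_hash for _, _, file_hash, _ in records)


def polymorphic_sources(records, min_downloads=3, min_unique_ratio=0.9):
    """Sources whose downloads almost never share a hash."""
    hashes_by_source = defaultdict(list)
    for _, source, file_hash, _ in records:
        hashes_by_source[source].append(file_hash)
    flagged = []
    for source, hashes in hashes_by_source.items():
        if len(hashes) < min_downloads:
            continue  # too few observations to judge
        if len(set(hashes)) / len(hashes) >= min_unique_ratio:
            flagged.append(source)
    return sorted(flagged)


if __name__ == "__main__":
    for file_hash, seen in hash_prevalence(RECORDS).most_common():
        print(f"{file_hash}: seen {seen}x")
    print("per-download unique content:", polymorphic_sources(RECORDS))
```

The bulk e-mail attachment shows up three times under one hash, so a single signature covers every copy, while each download from the flagged URL has a hash seen only once. A flagged source is a lead for triage rather than a verdict, since some legitimate sites also generate files per download.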

This report was intended to identify common elements in terms of malware creation, behavior and dissemination that all antivirus products can use to improve their performance for the good of all users.