Posted by: kenwbudd | October 16, 2009

Malware Loses its Impact Power and Surprise Factor After 24 Hours in the Cloud

Security vendors—particularly those with Web filtering and antivirus products, boast about the exponential growth in malware. Symantec, McAfee and others say the number of malware samples detected over the last two years is approaching 3 million. Strange, that’s more than all the samples of unique and variant viruses and worms detected in the last two decades.

Volume doesn’t necessarily equal damage. 52% of malware lose it’s power within 24 hours of being released into the wild (Cloud).

It’s a surprising statistic that reflects the changing nature of malware. Many malware writers are using a malicious cloud computing model to capture valuable data. They’re spreading worms and Trojans that either direct users to compromised or bogus Websites, or use a specific domain to send command and control instructions to their compromised clients.

McAfee recently reported, the volume of malware that’s designed to monitor specific domains such as banks and gaming sites to stealthily steal access credentials increased more than 400 percent in 2008.

We already know that malware creators will not stick around, waiting to get caught. They’re quickly moving or deactivating their controlling domains to avoid detection.

Also, carriers, hosting services and law enforcement are acting quickly to block or take down such malicious domains. The result is that those malware bots, dependent upon those malicious domains, are rendered inert within the first 24 hours. Therefore the impact power and surprise factor of malware, decreases over the next 72hours.

This is good news, right? Not always. It takes time for antivirus vendors and researchers to detect and create conventional signatures for new malware, somewhere in the order of 72 hours. This means most organisations are exposed to high infection rates and compromise, during the most dangerous time of malware infection.

The 24-hour window of vulnerability is an opportunity for solution providers to talk with customers about the benefits of adding synergistic security technologies that augment and complement traditional antivirus packages. Technologies such as data loss prevention, intrusion prevention, and Web and traffic monitoring and filtering can help detect and isolate malicious traffic and stop data loss.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: