Web-based malware breaking traditional AV model

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog


For years, antivirus engines have been the primary defense against viruses, worms, Trojans, bots, and all other forms of malware designed to gain access to our emails, social networking sites, and corporate networks. Collecting signatures from honeypots and gathering self-propagating threats was useful for detecting malicious behavior in the past, but things have changed. Today’s threats aren’t propagating. They’re using social engineering to lure their victims instead, thus breaking the traditional AV model.

An experiment featured in the article “Catch Me if You Can: Antivirus Poor at Detecting Web-Malware” shows just that: even today’s popular AV engines aren’t very effective at detecting malware from compromised websites. All of the AV engines tested performed poorly at detecting web-based malware, even when running the latest available versions with the latest virus definitions.

This goes to show that AV engines have a long way to go when it comes to detecting web-based malware. Organizations that continue to rely on AV engines can no longer keep up with the growing sophistication of malware to adequately protect their corporate networks from new attacks. As a result, their systems are even more susceptible to malicious code they can’t even detect.

The study concludes that “the threat from web-based malware is looming large and is only going to intensify in the coming years.” This is yet another example of why companies serious about defeating the growing threats to their IT environments need real protection against web-based malware and malicious behavior in the form of whitelisting, not detection.
