- Dec 15, 2013
- 150
The traditional malware detection approach is far from being sufficient, especially in corporate environments, as antivirus products could take months before adding the routines for recognizing some of the more complex threats.
A study from Damballa, a security company offering solutions against advanced cyber threats, revealed that malware could spend as much as six months on a system before it is identified using signature-based detection.
AV products detected 93% of the malware after a month
During a nine-month period, the researchers analyzed a sample set of thousands of files delivered for review by enterprise customers and had it scanned by four of the most popular antivirus products currently on the market.
The company found that in the first hour from submission, only 30% of the malware database could be identified by the products as a threat. After a day, the detection rate increased to 66% and the improvement continued after a week, when 72% of the malicious database entries were labeled as a threat.
Damballa researchers systematically re-scanned the files in order to see the amount of time needed by the maintainers of the antivirus products to add the correct signatures.
A month into the experiment, 93% of the samples were detected as malicious. The more time a threat spends on a system, the higher the chances are that attackers managed to reach sensitive areas or to exfiltrate sensitive information. According to Damballa, the 100% detection rate was achieved after more than six months.... View full story