Byron Acohido -- Cybertruth, a USA TODAY Tech Blog
There's been a stunning shift in the way malicious software circulates on the Internet.
Viral attachments and web links arriving in e-mail remain pervasive. But fresh research findings from firewall vendor Palo Alto Networks reveal that the vast majority of malware seeping into company networks arrives via drive-by download.
It turns out that the biggest threat to corporate networks is employees unwittingly clicking on webpages carrying nasty infections, such as the widely used Blackhole exploit kit, which fingerprints the visiting computer (browser, plug-ins and their versions) and picks the best available security hole to infect it.
Palo Alto's findings suggest that the bad guys have shifted their attention to corrupting vulnerable webservers, booby-trapping innocuous websites to silently infect the computer or mobile device of anyone who visits.
(Dot connection: Palo Alto's research dovetails with findings by security firms ESET and Sucuri, which disclosed details of a nasty bit of malware dubbed Linux/Cdorked.A. As CyberTruth reported earlier this week, Linux/Cdorked.A has stealthily implanted drive-by download infections in hundreds of Apache webservers; Apache is the best-known and most widely used webserver in the world.)
Palo Alto analyzed three months' worth of Internet traffic circulating through its customers' networks, and found that 90% of the malware leaked in from web browsing, while only 6% arrived via tainted e-mails.
Malware circulated via drive-by download from a tainted webpage also did a much better job of staying undetected. On average it took 20 days or longer for antivirus programs to detect and block malware from a web-borne compromise, versus five days for email-based malware.
The simple reason for this, says Palo Alto product manager Wade Williamson, is that web browsing is real-time and email is not. There is therefore less time for security systems to analyze suspicious code and decide whether to block it.
And the bad guys have become masters of customizing malware each time it is delivered from a webserver to a new victim, so that no two downloads look alike, whereas most e-mail goes out in bulk as one identical file.
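Why per-download customization buys web-delivered malware those extra days of evasion can be shown in a few lines. The example below is added here and is not from the original article, Palo Alto or any exploit kit: the "dropper" payload, the decoder-stub format (a constructed `PK1` marker, key, junk region, XOR-encoded body) and the per-visitor keys are all stand-ins chosen for illustration. It serves the same payload to several "visitors", each time with a fresh key and random junk, then compares two defenses: a hash blocklist built from the first sample (what sharing the hash of a bulk-mailed attachment gives you) and a content signature applied after unpacking (what an inline network scanner that unpacks before matching does).

```python
"""Added example: per-download customization versus hash- and content-based detection.
Payload, stub layout and keys are constructed stand-ins, not real malware artifacts."""
import hashlib
import os

# Constructed stand-in for the dropper an exploit kit would serve to each visitor.
PAYLOAD = b"MZ" + b"\x00" * 6 + b"dropper-core: fetch-c2 ; install-bot"

# Bytes every customized download shares once unpacked; a content signature
# (in the spirit of a YARA string rule) keys on this invariant core.
SIGNATURE = b"dropper-core: fetch-c2"

MAGIC = b"PK1"  # constructed decoder-stub marker, not a real file format


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; used both to encode on the server and decode on inspection."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def serve_customized(payload: bytes, key: bytes, junk: bytes) -> bytes:
    """Simulate the server-side repacking done for each visitor: a fresh key and a
    random-length junk region make every download byte-unique.
    Layout: MAGIC | key_len (1 byte) | key | junk_len (2 bytes) | junk | xor(payload, key)"""
    assert 0 < len(key) < 256 and len(junk) < 65536
    return (MAGIC + bytes([len(key)]) + key
            + len(junk).to_bytes(2, "big") + junk
            + xor(payload, key))


def unpack(sample: bytes) -> bytes:
    """What an antivirus unpacker or emulator does: follow the stub to recover the
    payload before looking for signatures. Non-stub input is returned unchanged."""
    if not sample.startswith(MAGIC):
        return sample
    pos = len(MAGIC)
    key_len = sample[pos]
    pos += 1
    key = sample[pos:pos + key_len]
    pos += key_len
    junk_len = int.from_bytes(sample[pos:pos + 2], "big")
    pos += 2 + junk_len
    return xor(sample[pos:], key)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_blocklist_hit(sample: bytes, blocklist: set) -> bool:
    """Email-style detection: a bulk-mailed attachment is one fixed file, so its
    hash can be shared and blocked everywhere."""
    return sha256(sample) in blocklist


def content_signature_hit(sample: bytes) -> bool:
    """Network-style detection: unpack first, then match on the invariant core."""
    return SIGNATURE in unpack(sample)


def demo(n_visitors: int = 5) -> dict:
    """Serve the same dropper to n visitors, each with a fresh key and junk region.
    Add the first visitor's hash to the blocklist, then count what each defense catches."""
    downloads = [serve_customized(PAYLOAD, os.urandom(8), os.urandom(7 + i))
                 for i in range(n_visitors)]
    blocklist = {sha256(downloads[0])}
    return {
        "unique_hashes": len({sha256(d) for d in downloads}),
        "hash_hits": sum(hash_blocklist_hit(d, blocklist) for d in downloads),
        "signature_hits": sum(content_signature_hit(d) for d in downloads),
    }


if __name__ == "__main__":
    print(demo())
```

With five visitors the blocklist catches exactly one download (the one it was built from) while the unpack-then-match check catches all five, because the junk lengths differ so no two downloads share a hash but every one decodes to the same core. The real-world caveat is that exploit kits also mutate the decoder stub itself, so the unpacking step, not just the signature, has to keep pace; that is the network-side analysis effort the article says has to match what is already done for e-mail.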
"The malware fight has moved into the network and businesses need to make sure their anti-malware efforts in the network are as good or better than what they do for e-mail," says Williamson.