Menu
Anti-virus no defence against botnets, claims vendor

Anti-virus no defence against botnets, claims vendor

A new analysis of botnets has come up with a possible reason for their prodigious ability to infect PCs - many anti-virus programs are near to useless in blocking the binaries used to spread them.

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

In a detailed blog, he describes how he uploaded a sample of 217 binaries culled from FireEye appliances in customer premises between September and November to the independent VirusTotal test website. This runs 36 anti-virus programs - a representative sample of the security programs used by businesses and individuals - giving researchers access to data on get statistics on how many malware binaries have already been uploaded to the site by other researchers, when they were uploaded and how many were detected by each program.

Roughly half of the binaries picked up by FireEye were unknown to VirusTotal, a result indicative of the core problem of detecting botnet malware - speed.

Because malware often uses 'polymorphism' - programs are constantly changed very slightly to evade binary pattern detection - the problem of detecting and blocking malware quickly is huge. According to Staniford, this makes it important that anti-virus programs can spot malware in the first week of its use.

"The sample is likely to get discarded by the bad guys pretty soon after that," he notes.

During the first three days after initial detection by FireEye, only four in 10 anti-virus programs could spot the offending code, which suggests that many bots would evade security software during attacks on real PCs in they happened during this same period.

"The conclusion is that AV works better and better on old stuff - by the time something has been out for a couple of months, and is still in use, it's likely that 70 to 80 percent of products will detect it," says Staniford.

GO TO: blog on Braindead: Information Technology Ignorance (part 2)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarebotnetFireEyesecurity softwarecodeinternational newsbinary pattern detectionVirusTotalbinariesanti-virus programs

Featured

Slideshows

Meet the leading customer-centric Microsoft channel partners

Meet the leading customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the leading customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments