Signature-based scanners miss 58% of malware

In its quarterly Global Threat Report issued today, ScanSafe reported that at its peak in 1Q09, 58% of Web malware blocks were zero-day threats. On average, the rate of zero-day malware blocks was 20% in 1Q09, meaning that companies using signature-based scanning alone could have been heavily exposed to malware during this period.

Blocks by malware type

ScanSafe noted that the rate of Web-delivered malware increased sharply in the first quarter of 2009 – another 19% from 4Q08. 2008 was the highest year on record for Web-delivered malware, with a staggering 300% increase from 2007. The report also revealed that 35% of malware blocks in 1Q09 resulted from visits to compromised websites. In addition, 28% of Web malware exposures blocked in the first quarter of the year were the result of data theft trojans.

Mary Landesman, senior security researcher at ScanSafe, said:

Zero day malware is increasing and with signature-based scanners not picking up an average of 20% of malware, it is now crucial to use real-time scanning to ensure that your employees, network and most importantly, your data is not at risk. With malware increasing in both volume and sophistication and no foreseeable slowdown in sight, it is more important than ever that companies have a comprehensive Web security solution in place.

Particularly concerning in the first quarter of 2009 was the outbreak of bank-related data theft trojans known as Zeus botnets. Zeus bots are known for browser traffic sniffing and intercepting data keystrokes, which can lead to data theft and the compromise of FTP credentials.

Zeus was previously implicated in a 6 million dollar commercial account heist on 20 European banks and is believed to be controlled by Russian cyber criminals. Early this year, the Zeus botnet was deployed to swipe 1.6 million sensitive records from job seekers at Monster.com and several other online job sites, among other scams.
