6 in 10 malicious URLs bypass AV scanners and URL filtering

M86 Security released a new report revealing its Security Labs research results based on the primary attack vectors on the Web and how the common approaches used to fend off these attacks stand up in today’s dynamic threat landscape.

The report, titled “Closing the Vulnerability Window in Today’s Web Environment,” discloses both quantitative research on the percentage of Web threats correctly identified by URL filtering (3%) and anti-virus scanning (39%) over the course of last month, and three real-life case studies of specific attacks that are increasing in frequency: dynamic obfuscated code, hacking of legitimate websites, and zero-day vulnerabilities.

In February 2010, Security Labs collected and tested more than 30,000 live malicious URL samples against the typical tools of third-party URL lists and anti-virus scanners. The analysis found that, in the best-case scenario, 6 in 10 malicious URLs pass unnoticed through anti-virus scanners and URL filtering, even when these two approaches are used together.

The test also looked at the growth rate of signatures behind anti-virus scanners, such as the popular AV-Test.org’s malware collection, and found that despite the dramatic increase in signatures, organizations and end-users are less protected because of the evasive methods cyber criminals use as well as the real-time dynamic nature and sophistication of today’s Web-based attacks.

“Even though URL Filters now check for more than 22 million malware signatures, 7 times the number in 2004, websites are still no safer as malware and Web 2.0 threats increase at least as quickly,” said Bradley Anstis, the company’s vice president of technical strategy. “To counter the specific cases that we analyzed in this report, and to ensure maximum efficiency, we believe a three-pronged approach of combining URL filtering, anti-virus scanning and real-time code analysis should be best practice.”

True real-time code analysis scans every piece of incoming and outgoing Web content carried over HTTP, HTTPS and FTP to detect and block crimeware, malware, Trojans, targeted attacks and other malicious Web content before it can penetrate corporate networks, even when it is hidden in encrypted SSL traffic.