Palo Alto Networks finds hundreds of malware samples unknown to security researchers



As part of a typical sales engagement, Palo Alto Networks will place one of its next-generation firewalls onto a potential customer's network to determine 'what's going on.' Turns out, rather a lot.

Palo Alto Networks' recently launched WildFire malware analysis engine is a cloud-based service that checks for malware in files downloaded via various online repository services or email. The company's in-line firewall passes the files to the cloud service for analysis. In return, the cloud system communicates updated signatures to all firewalls at customer sites.

What the company found was that 7% of all such files destined for corporate users contained some form of malware.

Even more surprising was that a significant portion of the malware was previously unknown to security researchers.

"I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks," said Wade Williamson, Senior Security Analyst at Palo Alto Networks. "Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines. The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS and URL filtering are used today."

In the previous three months, over 700 unique malware examples were detected, of which 57% were unknown at the time of discovery to either VirusTotal or the various anti-virus vendors. Further, 15% of the newly discovered malware generated what appeared to be malicious or unknown outbound traffic to command-and-control servers.

Of interest was the wider view that WildFire was able to take. Using the tool, the company was able to identify specific phishing campaigns based on their unique communication channels; for instance, Palo Alto Networks was able to identify one attacker who almost exclusively made use of AOL Mail and another who hosted his malware-laden files at the Hotfile hosting service.



David Heath


David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.
