Researchers: Most Attacks Defeat AV, Browsers

By Matthew Hines  |  Posted 2009-02-03 Print this article Print

Researchers at messaging security specialist Cyveillance have issued results of a new report that contends that a majority of today's cutting-edge malware and phishing threats are capable of circumventing most popular AV and browser filtering technologies.

Echoing the findings of similar research project conducted by vulnerability experts at Secunia in mid-2008, the Cyveillance paper maintains that the traditional frontline defense mechanisms deployed by almost every organization and end user are vastly insufficient.

However, in taking a step further than the Secunia report, Cyveillance researchers also submitted that malware detection rates are actually getting far worse, an indication that attackers increasingly find themselves with the upper hand in assailing their potential targets.

Cyveillance based its results on the performance of leading AV tools in identifying malware and phishing samples that it collected between July 1 and Dec. 31, 2008. Overall, the head-to-head comparison found that the security tools had an average detection rate of 37 percent for malware and 42 percent for phishing.

The company included AV filters made by F-Secure, Kaspersky, McAfee, Sunbelt, Sophos, Trend Micro, Dr. Web, AVG, Eset Nod32, F-Prot, Virus Buster and Norman. The test did not include results from Symantec based on inconclusive results related to its technologies, Cyveillance said.

"Given the dynamic nature of today's online threats and the traditionally reactive approach taken by today's malware and phishing detection technology, conventional signature-based solutions are inherently at a disadvantage to keep up," Panos Anastassiadis, CEO and Chairman of Cyveillance, proposed in a report summary.

Of all the technologies included in the comparo, tools made by Dr. Web and AVG featured the highest rate of daily attack detections, at 51 percent. Kaspersky (25 percent), Sunbelt (29 percent) and McAfee (36 percent) were the least effective solutions.

Among browser anti-phishing filtering tools, Mozilla Firefox performed the best, catching 49 percent of all newly discovered attacks, followed by Apple Safari (48.5 percent), Google Chrome (41.2 percent) and Microsoft IE (28.7 percent). All of the browsers' performance improved markedly 24 hours after the attacks had been discovered, led by Firefox (77.9 percent), and followed by Safari (75.9 percent), Chrome (71.9 percent) and IE (59.3 percent).

Cyveillance reported that the United States (30 percent) and China (28 percent) remained the top distributors of malware on the Internet during the second half of 2008, vastly outpacing the next largest nations, with the U.K. (6 percent), Korea (4 percent) and Germany (4 percent) rounding out the top five.

The messaging filtering specialist said that phishers continued to advance their efforts around social engineering in the latter half of the year, expanding into new geographies and targeting new types of businesses with their work. A total of 159 unique new brands were phished in the timeframe, representing a slight decrease compared to the number of new brands targeted during the same time a year ago.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel