80% of malware still leverages HTTP
About 75% of active HTTP malware cannot be detected through traditional protection methods, according to a new report.
Threat discovery firm Damballa revealed that about 80% of malware still exploits HTTP, while most regularly implemented security software cannot detect the active bugs responsible for expensive security breaches.
Damballa researcher Terry Nelms said that while next-gen malware is starting to leverage non-HTTP channels, such as peer-to-peer, HTTP continues to be the predominant channel used by 80% of all malware seen.
"Malware today is using HTTP to ‘blend in’ and evade detection by sending small traces of information over the core ports and protocols that enterprises allow in and out of their network," Nelms said.
"Our research indicates that firewalls and IPS are highly ineffective at detecting next-gen malware infected devices."
According to the firm, malware spreaders are continually altering their control server targets and modifying their malware with different serial versions and one-time-use malware server sites to avoid detection by conventional signature-based systems and systems based on sandboxing.