Modern Malware Review: FTP Surprises

Palo Alto Networks reports that FTP (that’s right, FTP) has been identified as a common source of unknown malware. Last week, we announced our first Modern Malware Review, where Wade Williamson and other Palo Alto Networks experts had the opportunity to analyze 3 months of data from WildFire, including data from more than 1,000 real networks and more than 26,000 seemingly unique samples of malware collected in real enterprise networks (out of 60k+ that evaded AV solutions on customer networks). You can find the full report here.

We’ve gathered some interesting quotes from media coverage of the review below. Also, Wade speaks with Threatpost’s Dennis Fisher about the MMR and some of the particularly compelling (dare I say alarming) findings in this podcast – give it a listen here.

“If you talk to most enterprise IT guys, they’re not spending much time worrying about FTP because it’s seen as a dusty old protocol. Some of these older protocols that are flexible and still work are being used by attackers because nobody is going to blink if they see it.” – Wade Williamson (CRN, March 25, 2013)

“Most network managers don’t give a second thought to FTP, but it’s pretty obvious that attackers are thinking about it…a lot,” – Wade Williamson (Security Bistro, March 27, 2013)

Can you sense the theme? FTP was observed to be exceptionally high-risk. FTP had the ignominious distinction of being both a common source of unknown malware and one of the sources that rarely received coverage. FTP was the most evasive application in terms of port evasion, and had one of the lowest detection rates in terms of malware.


via Modern Malware Review: FTP Surprises ‹ Palo Alto Networks Blog.
