Malware on the Decline? Or Is Evasion on the Rise?
For instance, in our labs we have witnessed quite a few Trojans which were not detected by some common AVs for over a week. Other types of malware are used to sting victims very quickly so even if an AV detects the threat, it is already too late. Take for example the re-emergence of - what Imperva has dubbed - the "Boy in the Browser" (BitB) Trojan. This Trojan, once executed on the victim's machine, re-routes the victim's traffic to pass through an attacker controlled server. The BitB does this by tampering with the mapping of hostname to network address mechanism. Once this persistent change to the configuration file is performed, the exploit code is then removed from victim's machines. As a consequence, even if that user updated their latest AV content the next time they switched on their computer, no AV mechanism would detect this modification as the malware is not even installed on the machine.
We believe that although these results show a drop in malware, in reality, client-side malware will just continue to increase making the task of ensuring security on the client's machine all the more implausible. Ultimately, consumer infection has become a business problem. This means that businesses need to start dealing with this growing threat. While providers should urge consumers to be prudent, they must learn how to interact with infected consumers and create a safe business environment for them regardless of the general threat. These solutions include identifying account takeover, defeating phishing campaigns, detecting infected clients, interacting with infected clients and even sandboxing client sessions
For more information see the Imperva Blog http://blog.imperva.com/