{"id":17277,"date":"2012-06-29T16:54:46","date_gmt":"2012-06-29T23:54:46","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=17277"},"modified":"2025-05-28T23:33:32","modified_gmt":"2025-05-29T06:33:32","slug":"combating-malware-and-advanced-persistent-threats","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/","title":{"rendered":"Combating Malware and Advanced Persistent Threats"},"content":{"rendered":"<p>In the past decade, the security industry has seen a constant rise in the volume of malware and the attacks associated with it. Malware is constantly evolving to become more complex and sophisticated. For example:<\/p>\n<ul>\n<li>Unique malware samples broke the 75 million mark in 2011 &#8211; Network World<\/li>\n<li>500 malware networks available to launch attacks &#8211; InformationWeek<\/li>\n<li><a href=\"http:\/\/www.computerworld.com\/s\/article\/9224700\/Malware_authors_expand_use_of_domain_generation_algorithms\">Malware authors expand use of domain generation algorithms &#8211; Computerworld<\/a><\/li>\n<li><a href=\"http:\/\/www.infosecurity-magazine.com\/view\/24074\/zeusbotspyeye-variant-uses-peertopeer-network-model\/\">Zeus\/Spyeye variant uses peer to peer network model &#8211; Infosecurity.com<\/a><\/li>\n<li><a href=\"http:\/\/www.wired.com\/threatlevel\/2012\/02\/anonymous-friday-attacks\/\">Anonymous promises regularly scheduled Friday attacks &#8211; Wired<\/a><\/li>\n<\/ul>\n<p>This blog discusses the changing malware threat landscape, the challenges faced by intrusion-prevention systems, and the limitations of traditional signature-based detection. We also present the vision of McAfee Labs for effective solutions to combat such advanced threats.<\/p>\n<h2><strong>Changes to the Threat Landscape<\/strong><\/h2>\n<p>In the last decade we have seen exponential growth in the number of Internet users worldwide. 
This expanding base gives criminal organizations a lucrative opportunity to carry out illicit activities. Compared with earlier malware that primarily created nuisance attacks, today&#8217;s malware is much more focused on both its victims and its goals. Today\u2019s attacks are a major concern for enterprises and organizations. Not only do they risk the loss of intellectual property or data, but any disruption to business continuity can also severely hamper an organization\u2019s productivity and reputation. Protecting networks with a wide variety of Internet-connected devices\u2014desktops, laptops, smart phones, etc.\u2014has become even more of a challenge.<\/p>\n<p>Botnets are the most common form of malware used by cybercriminals to attack enterprises and government organizations worldwide. Botnets, networks of compromised \u201crobot\u201d machines (also known as zombies) under the control of a single botmaster, carry out malicious activities such as launching distributed denial of service (DDoS) attacks on servers, stealing confidential information, installing malicious code, and sending spam emails. Recent examples are Operation Aurora, ShadyRAT, and DDoS attacks on payment websites in support of WikiLeaks.<\/p>\n<p>Advanced persistent threats, on the other hand, focus on specific targets, such as government organizations, with motives ranging from espionage to disrupting a nation\u2019s core networks, including nuclear, power, and financial infrastructure. Due to the discreet nature of the attacks, these can remain undetected for a long time. 
Such attacks are also much more complex and sophisticated compared with other malware. For example, Stuxnet targeted Iranian nuclear facilities, and Flame was aimed at cyberespionage in Middle Eastern countries.<\/p>\n<h2><strong>Challenges<\/strong><\/h2>\n<p>Given the value of intellectual property and national secrets, as well as the vast potential monetary rewards of these advanced attacks and threats, more and more cybercriminals\u2014often well funded by criminal organizations\u2014are drawn to developing malware. Malware authors implement various techniques to make the malware and its associated communication channels stealthier, to avoid detection by security products on host systems and on the network. Encrypting communications between host and control server, using a decentralized network architecture to stay undetected and resilient, using domain and IP flux techniques to hide control servers, and obfuscating malicious payloads are some of the techniques widely used by malware these days.<\/p>\n<h2><strong>Traditional Detection and Its Limits<\/strong><\/h2>\n<p>A signature-based detection mechanism that looks for unique network patterns has been the traditional method employed by security vendors to provide protection against attacks.<\/p>\n<p>This method, though effective for defending against known threats, has limits.<\/p>\n<ul>\n<li>It is reactive: To provide accurate detection coverage, researchers need to monitor and analyze network traffic and reverse-engineer the attack<\/li>\n<li>It is static: Malicious network patterns observed in previous attacks can change frequently, making the existing signatures ineffective at detecting new variants of old threats<\/li>\n<li>It cannot react to unknown (such as zero-day) attacks<\/li>\n<li>Its scope of detection is limited to a single network session; it cannot correlate events across multiple network 
sessions<\/li>\n<\/ul>\n<p>These limitations severely hamper the ability of traditional signature-based detection to protect against emerging threats.<\/p>\n<h2><strong>McAfee Labs<\/strong><\/h2>\n<p>To win the battle and keep customers protected against emerging threats in the future, security vendors must continue to innovate.<\/p>\n<p>Based on the current challenges to and limitations of signature-based detection, McAfee Labs envisions a dynamic solution that can provide proactive protection against future threats.<\/p>\n<p>Such a solution must:<\/p>\n<ul>\n<li>Provide a behavior-based detection framework in addition to the traditional approach<\/li>\n<li>Be capable of integrating various behaviors of the malware\/threat lifecycle<\/li>\n<li>Be able to correlate attacks across multiple network sessions to precisely detect a specific type of threat<\/li>\n<li>Be able to do event-based correlation across multiple network sessions to detect unknown malware\/threats<\/li>\n<\/ul>\n<p>Such a framework will primarily be targeted toward not only detecting known threats but also giving customers early warnings of possible infections.<\/p>\n<p>In subsequent blogs, we will talk more about the solution that McAfee Labs believes will be capable of combating malware and advanced persistent threats on our networks.<\/p>\n<p>I would like to thank my colleagues Chong Xu and Ravi Balupari for their contributions to this blog.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the past decade, the security industry has seen a constant rise in the volume of malware and attacks 
associated&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1411,49,180],"coauthors":[3973],"class_list":["post-17277","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-advanced-persistent-threats","tag-botnet","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Combating Malware and Advanced Persistent Threats | McAfee Blog<\/title>\n<meta name=\"description\" content=\"In the past decade, the security industry has seen a constant rise in the volume of malware and attacks associated with them. Malware are constantly\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Combating Malware and Advanced Persistent Threats | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"In the past decade, the security industry has seen a constant rise in the volume of malware and attacks associated with them. 
Malware are constantly\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2012-06-29T23:54:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T06:33:32+00:00\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Combating Malware and Advanced Persistent 
Threats\",\"datePublished\":\"2012-06-29T23:54:46+00:00\",\"dateModified\":\"2025-05-29T06:33:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/\"},\"wordCount\":815,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"advanced persistent threats\",\"botnet\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/\",\"name\":\"Combating Malware and Advanced Persistent Threats | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2012-06-29T23:54:46+00:00\",\"dateModified\":\"2025-05-29T06:33:32+00:00\",\"description\":\"In the past decade, the security industry has seen a constant rise in the volume of malware and attacks associated with them. 
Malware are constantly\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/combating-malware-and-advanced-persistent-threats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Combating Malware and Advanced Persistent Threats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security 
News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for 
everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/17277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=17277"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/17277\/revisions"}],"predecessor-version":[{"id":214681,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/17277\/revisions\/214681"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=17277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=17277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=17277"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=17277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}