{"id":3401,"date":"2013-04-03T10:31:27","date_gmt":"2013-04-03T17:31:27","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=3401"},"modified":"2013-08-13T10:32:42","modified_gmt":"2013-08-13T17:32:42","slug":"modern-malware-review-ftp-surprises","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2013\/04\/modern-malware-review-ftp-surprises\/","title":{"rendered":"Modern Malware Review: FTP Surprises"},"content":{"rendered":"<p>Last week, we announced our first Modern Malware Review, where Wade Williamson and other Palo Alto Networks experts had the opportunity to analyze 3 months of data from WildFire, including data from more than 1,000 real networks and more than 26,000 seemingly unique samples of malware collected in real enterprise networks (out of 60k+ that evaded AV solutions on customer networks). You can find the full report <a href=\"http:\/\/media.paloaltonetworks.com\/documents\/The-Modern-Malware-Review-March-2013.pdf\">here<\/a>.<\/p>\n<p><!--more-->We\u2019ve gathered some interesting quotes from media coverage of the review below. Also, Wade speaks with Threatpost\u2019s Dennis Fisher about the MMR and some of the particularly compelling (dare I say alarming) findings in this podcast \u2013 give it a listen <a href=\"http:\/\/threatpost.com\/en_us\/blogs\/wade-williamson-malware-trends-032113\" rel=\"nofollow,noopener\" >here<\/a>.<\/p>\n<p>\"If you talk to most enterprise IT guys, they're not spending much time worrying about FTP because it's seen as a dusty old protocol. 
Some of these older protocols that are flexible and still work are being used by attackers because nobody is going to blink if they see it.\" \u2013 Wade Williamson (<a href=\"http:\/\/www.crn.com\/news\/security\/240151603\/palo-alto-pinpoints-older-ports-that-are-letting-in-malware.htm\" rel=\"nofollow,noopener\" >CRN<\/a>, March 25, 2013)<\/p>\n<p>\u201cMost network managers don\u2019t give a second thought to FTP, but it\u2019s pretty obvious that attackers are thinking about it\u2026a lot,\u201d \u2013 Wade Williamson (<a href=\"http:\/\/www.securitybistro.com\/blog\/?p=6023\" rel=\"nofollow,noopener\" >Security Bistro<\/a>, March 27, 2013)<\/p>\n<p>Can you sense the theme? FTP was observed to be exceptionally high-risk. FTP had the ignominious distinction of being both a common source of unknown malware and one of the sources that rarely received coverage. FTP was the most evasive application in terms of port evasion, and had one of the lowest detection rates in terms of malware.<\/p>\n<p><div style=\"max-width:100%\" data-width=\"432\"><span class=\"ar-custom\" style=\"padding-bottom:76.39%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-full wp-image-3406 lozad\" alt=\"MMR\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/04\/MMR.jpg\" width=\"432\" height=\"330\" srcset=\"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/04\/MMR.jpg 432w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/04\/MMR-230x175.jpg 230w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/04\/MMR-392x300.jpg 392w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/04\/MMR-52x40.jpg 52w\" sizes=\"auto, (max-width: 432px) 100vw, 432px\" \/><\/span><\/div><\/p>\n<p>For more details on getting a handle on the scale of modern malware, check out Wade\u2019s guest post on Security Week <a 
href=\"http:\/\/www.securityweek.com\/combating-emerging-threats-through-security-collaboration\" rel=\"nofollow,noopener\" >here<\/a>. Let us know what you think of the Modern Malware Review in the comments below.<\/p>\n<link rel=\"author\" href=\"https:\/\/plus.google.com\/114253851106284887789\"\/>\n","protected":false},"excerpt":{"rendered":"<p>Last week, we announced our first Modern Malware Review, where Wade Williamson and other Palo Alto Networks experts had the opportunity to analyze 3 months of data from WildFire, including data from &hellip;<\/p>\n","protected":false},"author":16,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[131,115,108],"tags":[136,132,137,29],"coauthors":[],"class_list":["post-3401","post","type-post","status-publish","format-standard","hentry","category-malware-2","category-reports","category-threat-prevention-2","tag-mmr","tag-modern-malware","tag-modern-malware-review","tag-threat-prevention"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/3401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=3401"}],"version-history":[{"count":9,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/3401\/revisions"}],"predecessor-version":[{"id":3426,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/3401\/revisions\/3426"}],"wp:attachment":[{"href":"https:\/
\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=3401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=3401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=3401"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=3401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}