The fastest growing malware categories in the second half of 2011 were PPI (Pay-Per-Installs) and information stealers that target user credentials enabling the theft of key intellectual property and sensitive data, according to FireEye.


Cyber criminals are continuing to break through traditional defenses in an alarming rate that is further widening the $20 billion dollar security gap. This security gap refers to the $20 billion invested annually in IT security, which is easily evaded by cyber criminals to compromise the vast majority of enterprise networks.

In the second half of 2011, PPI downloaders, worms, backdoors and information stealers represented the four most prevalent categories of malware. PPIs are malware programs that charge a fee to download or distribute other malware programs. These programs differ from normal downloaders/droppers in that a PPI malware author gets paid for every successful install of another malware program. Of the top four malware categories, information stealers and backdoors present the greatest threat to enterprises.

In FireEye’s last report issued in August 2011, the company found a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks are easily evading traditional defenses such as firewalls, intrusion prevention systems, antivirus and Web/email gateways. This trend has not changed.

In second half of 2011, FireEye found that 95 percent of enterprises have had malicious infections entering the network each week with 80 percent of the enterprises facing more than a hundred new cases per week.

The bottom line: today’s traditional security mechanisms are still not able to keep up with the highly dynamic, multi-stage attacks that have become common today with advanced targeted attacks.

As criminals conduct advanced targeted attack operations, enterprises must reinforce traditional defenses with a new layer of dynamic security that can detect these zero-day threats in real-time and thwart malware communications back to command and control centers. This extra defense layer needs to be designed specifically to fight the unknown and advanced persistent threat (APT) tactics that dominate advanced targeted attacks.

“Our latest report is further proof that cyber criminals are getting more savvy and bolder in their method of attacks,” said Ashar Aziz, Founder, CEO, and CTO, FireEye. “With the rise of information stealer malware, it’s more important than ever for companies in security conscious industries such as financial services, health care and government sectors to closely examine their current IT defense perimeter; determine if advanced malware is entering their networks unimpeded and prevent the theft of intellectual property.”