Products & Releases

FireEye Advanced Threat Report Finds Fastest Growing Categories In The Second Half of 2011 Were Information Stealers And Pay-Per-Install Malware

The Top 50 malware families were responsible for 80% of successful infections
MILPITAS, Calif. – February 14, 2012 – FireEye, the leader in stopping advanced targeted attacks that bypass existing defenses such as traditional and next-generation firewalls, IPS, antivirus and gateways, today announced findings from their second half (2H) of 2011 Advanced Threat Report that illuminates the sophistication of advanced targeted attacks and the success cyber criminals are having penetrating today’s corporate networks.

FireEye Research found that the fastest growing malware categories in the second half of 2011 were PPI (Pay-Per-Installs) and information stealers that target user credentials enabling the theft of key intellectual property and sensitive data. In addition, FireEye also observed that cyber criminals are continuing to break through traditional defenses in an alarming rate that is further widening the $20 billion dollar security gap. This security gap refers to the $20 billion invested annually in IT security, which is easily evaded by cyber criminals to compromise the vast majority of enterprise networks.

In the second half of 2011, PPI downloaders, worms, backdoors and information stealers represented the four most prevalent categories of malware. PPIs are malware programs that charge a fee to download or distribute other malware programs. These programs differ from normal downloaders/droppers in that a PPI malware author gets paid for every successful install of another malware program. Of the top four malware categories, information stealers and backdoors present the greatest threat to enterprises.

In FireEye’s last report issued in August 2011, the company found a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks are easily evading traditional defenses such as firewalls, intrusion prevention systems, antivirus and Web/email gateways. This trend has not changed. In second half of 2011, FireEye found that 95 percent of enterprises have had malicious infections entering the network each week with 80 percent of the enterprises facing more than a hundred new cases per week. The bottom line: today’s traditional security mechanisms are still not able to keep up with the highly dynamic, multi-stage attacks that have become common today with advanced targeted attacks.

Key Findings from the FireEye Advance Threat Report – 2H 2011 • The fastest growing malware categories in the second half of 2011 were PPI and information stealers. • Over 95 percent of enterprise networks have a security gap despite $20B spent annually on IT security. • Spear phishing attacks increase when enterprise security operations centers are lightly staffed or understaffed, particularly during holidays.

As criminals conduct advanced targeted attack operations, enterprises must reinforce traditional defenses with a new layer of dynamic security that can detect these zero-day threats in real-time and thwart malware communications back to command and control centers. This extra defense layer needs to be designed specifically to fight the unknown and advanced persistent threat (APT) tactics that dominate advanced targeted attacks.

Quotes “Our latest report is further proof that cyber criminals are getting more savvy and bolder in their method of attacks,” said Ashar Aziz, Founder, CEO, and CTO, FireEye. “With the rise of information stealer malware, it’s more important than ever for companies in security conscious industries such as financial services, health care and government sectors to closely examine their current IT defense perimeter; determine if advanced malware is entering their networks unimpeded and prevent the theft of intellectual property.”

SOCIAL MEDIA: • To download the entire report, go to

• View FireEye’s Research Team at • Find us on Twitter and Facebook

About FireEye, Inc. FireEye is the leading provider of next-generation threat protection focused on combating advanced malware, zero-day, and targeted advanced persistent threat (APT) attacks. FireEye's solutions supplement security defenses such as traditional and next-generation firewalls, IPS, antivirus and Web gateways, which can't stop advanced malware. These technologies leave significant security holes in the majority of corporate networks. FireEye's Malware Protection Systems feature both inbound and outbound protection and a signature-less analysis engine that utilizes the most sophisticated virtual execution engine in the world to stop advanced threats that attack over Web and email. Our customers include enterprises and mid-sized companies across every industry as well as federal agencies. Based in Milpitas, California, FireEye is backed by premier financial partners.

Editors' Choice
Evan Schuman, Contributing Writer, Dark Reading
Tara Seals, Managing Editor, News, Dark Reading
Jeffrey Schwartz, Contributing Writer, Dark Reading