MUST READ

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

 | 

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

 | 

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

 | 

Herodotus Android malware mimics human typing to evade detection

 | 

Aisuru botnet is behind record 20Tb/sec DDoS attacks

 | 

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

 | 

Critical ASP.NET flaw hits QNAP NetBak PC Agent

 | 

Ransomware payments hit record low: only 23% Pay in Q3 2025

 | 

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

 | 

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

 | 

Crafted URLs can trick OpenAI Atlas into running dangerous commands

 | 

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

 | 

Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws

 | 

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

 | 

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

 | 

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

 | 

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

 | 

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

 | 

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

 | 

AV alone is not enough to protect PC from zero-day malware

Pierluigi Paganini May 31, 2014

A recent research conducted by experts at Lastline Labs have demonstrated that AV alone is not enough to protect computers from zero-day malware.

A recent research conducted by security company Lastline Labs revealed that only 51% of security solutions tested in a study are able to detect zero-day malware.

Experts at Lastline Labs have analyzed hundreds of thousands of pieces of malware they detected for 365 days from May 2013 to May 2014, evaluating detection capabilities of new malware against the 47 vendors featured in VirusTotal.

As explained by the researchers the principal problem is the time spent by providers of security solutions to distribute updates able to make their product efficient in the mitigation of the zero-day malware.

Experts discovered that in the cases where none of the tested AV solution detected a malware instance on the first day, it took an average of two days for its discovery, this means that in the best scenario end users will receive updates to protect their computers up to 2 days.

“On any given day, according to Lastline Labs’ analysis, much of the newly detected malware went undetected by as much as half of the AV vendors. Even after 2 months, one third of the AV scanners failed to detect many of the malware samples.” states Lastline.

The most alarming data in my opinion is that after two weeks, detection rates were up to 61 percent, demonstrating the latency in the distribution of the updates once discovered the zero-day malware.

“The least-detected malware – that is the malware in the 1-percentile ‘least likely to be detected’ category – went undetected by the majority of AV scanners for months, and in some cases was never detected at all.” according experts at Lastline Labs.

lastline-labs av vendor apt detection rate zero-day malware

The reults of the research conducted by Lastline Labs demonstates the necessity to integrate Anti-virus protection with other security solutions. A layered approach is necessary to detect and block zero-day malware.

“We think that “traditional” AV technology is not dead, but needs to be complemented with other approaches (e.g., based on dynamic analysis of samples, network anomaly detection) that provide additional signals for detection.” added the experts.

Below key findings from Lastline Labs reports.

  • On Day 0, only 51% of AV scanners detected new malware samples
  • When none of the AV scanners detected a malware sample on the first day, it took an average of two days for at least one AV scanner to detect it
  • After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for AV vendors
  • Over the course of 365 days, no single AV scanner had a perfect day – a day in which it caught every new malware sample
  • After a year, there are samples that 10% of the scanners still do not detect

Pierluigi Paganini

(Security Affairs –  Zero-day malware, Lastline Labs)

AV Cybercrime Lastline Labs malware malware detection zero-day malware

you might also like

Pierluigi Paganini October 29, 2025
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
Read more
Pierluigi Paganini October 29, 2025
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

Hacktivism / October 29, 2025

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

APT / October 29, 2025

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

Security / October 29, 2025

Herodotus Android malware mimics human typing to evade detection

Malware / October 29, 2025

Aisuru botnet is behind record 20Tb/sec DDoS attacks

Malware / October 28, 2025