Malware Outbreak Report June 2009

Similar documents
Commtouch RPD Technology. Network Based Protection Against -Borne Threats

Ipswitch IMail Server with Integrated Technology

OutbreakShield Effective and Immediate Protection against Virus Outbreaks

Pattern-based Messaging Security for Hosting Providers

Powerful and reliable virus and spam protection for your GMS installation

Symantec Endpoint Protection

Sérgio Martinho Microsoft Portugal

Trend Micro Endpoint Comparative Report Performed by AV Test.org

Symantec Endpoint Protection

Commtouch Software Ltd

Recurrent Patterns Detection Technology. White Paper

Threat Trend Report Second Quarter 2007

Netsweeper Whitepaper

Kaspersky Security. for Virtualization 1.1 and Trend Micro Deep. Security 8.0 virtual environment detection rate and performance testing by AV-Test

Internet Threats Trend Report Q In This Report. Q Highlights. 179 billion. Pharmacy ads. 307,000 Zombies. India

Life After Signatures Pattern Analysis Application for Zombie Detection

Edge-based Virus Scanning

Data Sheet: Messaging Security Symantec Brightmail Gateway Award-winning messaging security for inbound protection and outbound control

Zscaler Cloud Web Gateway Test

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Anti Spam Best Practices

Kaspersky Security Network

WatchGuard Gateway AntiVirus

Norton AntiVirus 9.0 for Macintosh

NetDefend Firewall UTM Services

Finjan Malicious Code Research Center. Malicious Page of the Month

Virtual Desktops Security Test Report

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

Detection of Linux malware

NetDefend Firewall UTM Services

Anti-Virus Comparative - Proactive/retrospective test May 2009

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

Why one virus engine is not enough

AntiVirus and AntiSpam scanning The Axigen-Kaspersky solution

Kaspersky Internet Security 6.0 vs Microsoft Windows Live OneCare. Comparative Analysis

Virus Protection for Small to Medium Networks

PROACTIVE PROTECTION MADE EASY

Banker Malware Protection Test Report

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Symantec Endpoint Protection

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

Content Security Gateway Series Real-time Gateway Web Security Against Spyware and Viruses

How To Understand What A Virus Is And How To Protect Yourself From A Virus

Closing the Antivirus Protection Gap

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Simplicity Value Documentation 3.5/5 5/5 4.5/5 Functionality Performance Overall 4/5 4.5/5 86%

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Security Industry Market Share Analysis

ENTERPRISE EPP COMPARATIVE REPORT

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

End to End Security do Endpoint ao Datacenter

MALWARE THREATS AND TRENDS. Chris Blow, Director Dustin Hutchison, Director

Global Antivirus Software Package Market

How To Test For Security Protection

Achieving SOX Compliance with Masergy Security Professional Services

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Payment Card Industry Data Security Standard

Security Industry Market Share Analysis

Executive Summary. McAfee Labs Threats Report: Third Quarter 2013

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Choose Your Own - Fighting the Battle Against Zero Day Virus Threats

Active Threat Control

How To Buy Nitro Security

B-HAVE the road to success

Defining, Evaluating, and Designing Best-in-Class Network Security

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

Insight. Security Response. Deployment Best Practices

Fraud and Phishing Scam Response Arrangements in Brazil

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

ESET Security Solutions for Your Business

Lumension AntiVirus Technical Notification December 19, 2012

ENDPOINT PROTECTION Understanding the Challenges and Evaluating a Solution

MANAGED SECURITY SERVICES

Improving Network Protection and Performance with Network-Based Antivirus Technology

Symantec Advanced Threat Protection: Network

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems

Consumer ID Theft Total Costs

Cisco Security Intelligence Operations

Host-based Intrusion Prevention System (HIPS)

Deployment Guides. Help Documentation

KASPERSKY ENDPOINT SECURITY FOR BUSINESS: TECHNOLOGY IN ACTION

Security and control: The smarter approach to malware and compliance

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Trust the Innovator to Simplify Cloud Security

Symantec Cyber Security Services: DeepSight Intelligence

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Threat and Vulnerability Management Plan

Mobile Security Apps. Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de

Symantec Security.cloud - Skeptic Whitepaper

Advantages of Managed Security Services

End-user Security Analytics Strengthens Protection with ArcSight

White Paper. ZyWALL USG Trade-In Program

Malware and Other Malicious Threats

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

The Symantec Approach to Defeating Advanced Threats

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Transcription:

June 2009 June 2009 From late May through June, Commtouch Labs noted a sharp rise in the number of new viruses being circulated via email that were not caught by the major anti-virus engines. There were several malware outbreaks whose wide distribution caused malware numbers to temporarily and exponentially increase from the rather consistently low numbers we have seen during the past 18 months. One explanation for the dramatic rise is the appearance of aggressive new variants of several different Trojans. With each new variant, there is a period of time during which anti-virus companies recognize it and then develop new signatures to protect their customers. The companies have tried blocking new variants with a dedicated signature per variant. This method proved inefficient, so security vendors have begun to develop generic signatures to block all variants of the same malware family. As demonstrated by this massive growth, the generic signatures have not proven to work against the recent variants. Massive High Jan Feb Mar Apr May Jun Page 1 Total viruses missed by major AV engines Source: Commtouch Labs

Top 10 Viruses Missed by Major AV engines: May 20 June 29 MD5 Checksum Common Name 1 4be0d4b1dbc2d7ba92b6c920388ae4bb Mal/WaledPak-A 2 fa5f6094f90a001d1fc742c7c036be7a Mal/FakeVirPk-A June 2009 3 2c677cf98d1a4aa1f95ca456a6dfa18b Troj/Agent-KBE 4 53d15dc652a2534572981bab1e2eddf3 Troj/Agent-JZY 5 c81ba436d85bba944adb74b86c90fae8 Mal/WaledPak-A 6 1396f9770b2702312c76987ca31e6866 Mal/WaledPak-A 7 7d06f4fc766b84faf02a91063946a96b Mal/FakeVirPk-A 8 de90a24f3dfb5c1c8d4a0a3104f3dd4a Mal/WaledPak-A 9 ad2b80463042d88056dc104c41e2a03e Troj/Agent-KBJ 10 c17e6929f32dd05d718c83c2aae219bb Troj/Dloadr-CMT Sample Viruses Below is more detailed information about two of the Top 10 viruses MD5 Checksum: c17e6929f32dd05d718c83c2aae219bb and MD5 Checksum: 2c677cf98d1a4aa1f95ca456a6dfa18b. MD Checksum: c17e6929f32dd05d718c83c2aae219bb Sample Subject Lines see the transcript [failed(1)] past 4 hours delivery problems encountered please confirm your message email delivery error email policy violation western union transfer mtcn: 3475277661 Sample Executable File Names westernunion_tr0002212.exe Page 2

MD5 Checksum: c17e6929f32dd05d718c83c2aae219bb Lifespan June 2009 MD5 Checksum: 2c677cf98d1a4aa1f95ca456a6dfa18b Sample Subject Lines Page 3 May 26 May 27 apm-n de estado de entrega (error) past 4 hours delivery problems encountered tycqenk2yagqgnfl-(+wtgnjq-) uloqxnlayuuqgnfl- (+wtflvw-) aok-tat de remise (+aok-chec) vdcy7a- +wmhq3a- +xuy5va-(+wuttka-) see the transcript [failed(1)] Sample Executable File Names upsnr_976120012.exe Source: Commtouch Labs

MD5 checksum: 2c677cf98d1a4aa1f95ca456a6dfa18b Lifespan June 2009 7:00 9:00 11:00 13:00 15:00 17:00 19:00 21:00 23:00 1:00 3:00 5:00 7:00 9:00 11:00 13:00 15:00 17:00 19:00 21:00 23:00 1:00 3:00 5:00 7:00 9:00 11:00 13:00 15:00 17:00 19:00 21:00 23:00 1:00 3:00 Anti-Virus Engine Lag Time Methodology Commtouch proactively scans vast amounts of email traffic circulating the Internet. Commtouch s Recurrent Pattern Detection -based detection engine analyzes the traffic as it is circulating and identifies massive virus outbreaks as soon as they emerge. The table below compares the Commtouch detection time to that of leading AV vendors, on average, for the two sample viruses detected by Commtouch at the time of publishing. These figures were calculated using AV engine detection times as reported by AV-Test.org and comparing them to detection times retrieved from the Commtouch RPD database. Definitions: June 1 June 2 June 3 Time difference from Commtouch: The difference in signature release time per- AV engine, as reported by AV-Test.org, and Commtouch detection time as retrieved from the Commtouch RPD database. Page 4 Source: Commtouch Labs

Zero-hour detection: Indicates detection and blockage of the malware within the earliest moments of its outbreak. June 2009 No detection during analysis period: Indicates that the AV engine did not release a signature by the time this was posted to the web site; however it is possible that the AV engine released a signature after that time. Lately, most unique virus/malware attacks take place over the course of several hours, so a combination of pro-active Zero-Hour virus outbreak protection and traditional signature-based AV is the recommended defense. Virus Details: Malware Characteristics MD5 checksum: Commtouch detect time [GMT]: Parent archive files(s): File name(s): Comparative Data Page 5 c17e6929f32dd05d718c83c2aae219bb 5/26/2009 12:17:00 PM westernunion_tr0002212.zip westernunion_tr0002212.exe This report generated 80.67 hrs. after Commtouch detect time Based on AV Test.org Submission ID: 2009 05 29_20 57_0001 AV Engine Source: AV Test.org Malware Name Time Difference From Commtouch Source: Commtouch Software, Ltd. AVG PSW.Generic7.JQF (Trojan horse) 10.52 hrs. CA AV Win32/Bredolab.HW 20.70 hrs. ClamAV No detection during analysis period Fortinet PossibleThreat 14.03 hrs. ISS VPS No detection during analysis period Kaspersky Trojan.Win32.Agent.cjef 7.58 hrs. McAfee Spy Agent.bw (trojan) 26.88 hrs. Sophos Troj/Dloadr CMT 4.50 hrs. Symantec Trojan Horse 27.22 hrs. Trend Micro TROJ_BREDOLAB.BB 64.12 hrs.

June 2009 Malware Characteristics MD5 checksum: Commtouch detect time [GMT]: 06 01 09 07:24 Parent archive files(s): File name(s): Comparative Data Page 6 2c677cf98d1a4aa1f95ca456a6dfa18b upsnr_976120012.zip upsnr_976120012.exe This report generated 85.62 hrs. after Commtouch detect time Based on AV Test.org Submission ID: 2009 06 04_21 01_0002 AV Engine Source: AV Test.org Malware Name Time Difference From Commtouch Source: Commtouch Software, Ltd. AVG Pakes.DRC (Trojan horse) 13.08 hrs. CA AV Win32/Donloz.OA 38.43 hrs. ClamAV Trojan.Agent 115743 3.87 hrs. Fortinet PossibleThreat 7.93 hrs. ISS VPS No detection during analysis period Kaspersky Trojan.Win32.Inject.accz 5.97 hrs. McAfee Spy Agent.bw (trojan) 31.15 hrs. Sophos Troj/Agent KBE 4.30 hrs. Trend Micro TSPY_ZBOT.AWF 21.13 hrs. The data on these pages consists of samples of email-borne malware that Commtouch Zero Hour Virus Outbreak Protection solution, based on Recurrent Pattern Detection (RPD ) technology recently detected and blocked. The pages are updated approximately twice daily, and therefore are not intended to be a real-time alert service for new malware incidents. Data is often published after the outbreak has ended, in order to provide a comprehensive overview of the detection performance of Commtouch and other popular AV scanners. Data about other AV solutions is based on tests made by an independent third-party, AV-Test.org. Other Commtouch data, including comparisons with other AV scanners, is based on Commtouch Virus Outbreak Detection research labs.

Commtouch Zero-Hour Virus Outbreak Protection: OEM Solution Today s viruses, worms and Trojan downloaders target the primary weakness in anti-virus technology: the time it takes for new signatures or heuristics to be developed and distributed. June 2009 Commtouch Zero-Hour Virus Outbreak Protection provides a complementary shield to conventional AV technology, protecting in the earliest moments of malware outbreaks, and right through as each new variant emerges. About Commtouch Commtouch (NASDAQ: CTCH) provides proven messaging and Web security technology to more than 100 security companies and service providers for integration into their solutions. Commtouch s patented Recurrent Pattern Detection (RPD ) and GlobalView technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, protecting email infrastructures and enabling safe, compliant browsing. The company s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary in Sunnyvale, Calif. Stay abreast of the latest messaging and Web threat trends all quarter long at the Commtouch Café: http://blog.commtouch.com. For more information about enhancing security offerings with Commtouch technology, see http:// or write info@commtouch.com. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch. About Global DataGuard, Inc. Global DataGuard is the technology leader in network behavior analysis-based Enterprise Unified Threat Management for small/medium business to large enterprise environments. The company has been arming Fortune 1000 companies with battle-tested, proven Enterprise UTM solutions and Security Risk Management (SRM) Managed Security Services since 2001. Today, Global DataGuard solutions are deployed on three continents in both corporate and managed services environments. For more information, call (972) 980-1444 or visit our web site at. ------- Copyright 2009 Commtouch Software Ltd. All Rights Reserved. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch. Page 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information