Sunday, October 27, 2013

What is Proactive Detection? Why Do You Need it?

In the antivirus industry one of the terms we use is “heuristics”. This is a fancy word for “how we detect bad programs that we have never seen before”. The ability to detect bad programs before we have ever seen them is proactive detection. We write the detection before the threat exists. How we can do that is a different article!
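To make the signature-versus-heuristic distinction concrete, here is an added example (written for this post, not ESET's code). The three "attachments" are harmless byte strings constructed inline, not real Stration files; the trait list, the weights, the score threshold and the signature label are all assumptions chosen to illustrate the idea, not a real engine's logic. The signature scanner knows one exact hash and so misses the "new run" entirely; the heuristic scores generic traits (PE header, packed or encrypted body, suspicious Windows API names, an embedded SMTP engine) and flags the unseen variant with the same label the post quotes.

```python
"""Signature vs. heuristic detection on constructed sample attachments.

Added example for this post; not ESET's code. The samples are harmless
byte strings built here, not real Stration binaries. Traits, weights and
the threshold are illustrative assumptions.
"""
import hashlib
import math
from collections import Counter

# --- constructed samples (stand-ins for e-mail attachments) ------------------
HIGH_ENTROPY = bytes(range(256)) * 4          # every byte value equally often
KNOWN_SAMPLE = (b"MZ" + b"\x00" * 62
                + b"MAIL FROM:<%s>\r\nRCPT TO:<%s>\r\n"
                + b"URLDownloadToFileA\x00WinExec\x00"
                + HIGH_ENTROPY)
NEW_VARIANT = (b"MZ" + b"\x90" * 62                  # a "new run": different bytes
               + b"HELO spambot\r\nRCPT TO:<%s>\r\n"
               + b"CreateRemoteThread\x00WinExec\x00"
               + bytes(reversed(HIGH_ENTROPY)))
BENIGN = (b"MZ" + b"\x00" * 62
          + b"This program cannot be run in DOS mode.\r\n"
          + b"Hello, world!\r\n" * 40)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A traditional signature: the exact hash of a sample already analysed.
# "Stration" is the family the post names; the label text is a placeholder.
SIGNATURES = {sha256(KNOWN_SAMPLE): "Win32/Stration (known sample)"}

# Generic traits a spam/bot PE tends to carry (assumed list, illustrative weights).
SUSPICIOUS_APIS = [b"URLDownloadToFile", b"WinExec", b"CreateRemoteThread"]
SMTP_VERBS = [b"MAIL FROM:", b"RCPT TO:", b"HELO "]
WEIGHTS = {"pe_header": 1, "packed": 2, "suspicious_api": 2, "smtp_engine": 3}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 means packed or encrypted."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_score(data: bytes) -> dict:
    """Score a blob on generic traits instead of an exact match."""
    traits = {
        "pe_header": data[:2] == b"MZ",
        "packed": entropy(data) > 7.0,
        "suspicious_api": any(a in data for a in SUSPICIOUS_APIS),
        "smtp_engine": any(v in data for v in SMTP_VERBS),
    }
    score = sum(WEIGHTS[t] for t, hit in traits.items() if hit)
    return {"score": score, "traits": traits}


def signature_only(data: bytes) -> str:
    """What a signature-only scanner says: known hash or nothing."""
    return SIGNATURES.get(sha256(data), "clean")


def scan(data: bytes, threshold: int = 5) -> str:
    """Signature first; fall back to the heuristic for anything unseen."""
    digest = sha256(data)
    if digest in SIGNATURES:
        return SIGNATURES[digest]
    result = heuristic_score(data)
    if result["traits"]["pe_header"] and result["score"] >= threshold:
        return "probably unknown NewHeur_PE virus"   # the label quoted in the post
    return "clean"


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("new run", NEW_VARIANT), ("benign", BENIGN)]:
        print(f"{name:8} signature-only: {signature_only(blob):<32} "
              f"with heuristic: {scan(blob)}")
```

Run it and the "new run" sample comes back "clean" from the signature path but "probably unknown NewHeur_PE virus" from the heuristic, while the benign text-only file stays clean under both. The point is the ordering in scan(): an exact signature still wins when we have one, and the heuristic only has to decide about what the signature database has never seen.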

At about 2 AM on February 23rd (central European time) we saw a spike forming at ESET’s VirusRadar. The spike was caused by something we had not seen before. We simply labeled it “probably unknown NewHeur_PE virus”, which is geek talk for a program that we’re pretty sure you don’t want to run.

At about 3 AM, as many as 1 in 25 emails passing through the ISP we monitor contained this threat. In this case it was a new run of “Stration” programs. Strations do nasty things like sending spam and installing bots – little programs that turn your PC into a toy for the bad guys to abuse and let them steal any information from your PC they want.

By 4 AM we were down to about 1 in 80 emails containing the threat, but then at about 2 PM we saw an enormous spike: as many as 1 out of every 5 emails passing through the ISP we monitor contained it. Millions of these emails with Stration attachments were spammed out far more quickly than any company could respond with traditional signatures.

In the “good ol’ days” you could wait a few weeks for detection of the newest threat. Not too far back you could wait a day. In today’s environment, by the time you get your signatures, the threat may already have passed. Without adequate security mechanisms in place you either got infected or you were lucky. Proactive detection is part of what adequate security mechanisms are.

Without proactive protection our users would have been exposed to the malicious software, possibly resulting in infection and compromise of their computers.


