In the antivirus industry one of the terms we use
is “heuristics”. This is a fancy word for “how we detect bad programs
that we have never seen before”. The ability to detect bad programs
before we have ever seen them is proactive detection. We write the
detection before the threat exists. How we can do that is a different
article!
At about 2 AM on February 23rd, if you live in central Europe,
we saw a spike forming at ESET’s VirusRadar
(http://www.virusradar.com/). The spike was caused by something we had
not seen before. We simply labeled it “probably unknown NewHeur_PE
virus”, which is geek talk for a program that we’re pretty sure you don’t
want to run.
At about 3 AM, about 1 in 25 emails going
through our monitoring ISP contained this threat. In this case it was a
new run of “Stration” programs. Strations do nasty things like send
spam and install bots – little programs that make your PC a toy for the
bad guys to abuse, and let them steal any information from your PC they
want to.
By 4 AM we were down to about 1 in 80 emails
containing the threat, but then at about 2 PM we saw an enormous spike.
As many as 1 out of every 5 emails passing through our monitoring ISP
contained the threat. Millions of these emails with the Stration
attachments were spammed out far more quickly than any company could
respond to with traditional signatures.
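As an added illustration (not ESET’s code or VirusRadar’s actual logic), here is a small prevalence-spike check run over a constructed gateway log that reproduces the ratios described above; the attachment labels, the 2% alert threshold and the hour-bucketing are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: one (timestamp, attachment label) entry per email.
# "clean" = no attachment or a known-good one; "pe_x" = a PE attachment the
# gateway has never seen before. Counts mirror the 1/25, 1/80 and 1/5 ratios.
SAMPLE_LOG = (
    [("2007-02-23 02:00", "clean")] * 24 + [("2007-02-23 02:00", "pe_x")] * 1
    + [("2007-02-23 04:00", "clean")] * 79 + [("2007-02-23 04:00", "pe_x")] * 1
    + [("2007-02-23 14:00", "clean")] * 4 + [("2007-02-23 14:00", "pe_x")] * 1
)


def prevalence_by_hour(events):
    """Return {hour: {attachment: share of that hour's mail}}."""
    buckets = defaultdict(Counter)
    for ts, attachment in events:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M").replace(minute=0)
        buckets[hour][attachment] += 1
    return {
        hour: {att: n / sum(c.values()) for att, n in c.items()}
        for hour, c in buckets.items()
    }


def spikes(events, known_good=("clean",), threshold=0.02):
    """Flag (hour, attachment, share) whenever an attachment that is not on
    the known-good list makes up at least `threshold` of an hour's mail.
    This is the "probably unknown" signal: no signature, just prevalence."""
    alerts = []
    for hour, shares in sorted(prevalence_by_hour(events).items()):
        for att, share in shares.items():
            if att not in known_good and share >= threshold:
                alerts.append((hour.strftime("%H:%M"), att, round(share, 3)))
    return alerts


if __name__ == "__main__":
    for hour, att, share in spikes(SAMPLE_LOG):
        print(f"{hour}: {att} in {share:.1%} of mail")
```

The 4 AM bucket (1 in 80) stays below the threshold, while the 2 AM and 2 PM buckets trigger, matching the two spikes in the post.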
In the “good ol’ days” you
could wait a few weeks for detection of the newest threat. Not too far
back you could wait a day. In today’s environment, by the time you get
your signatures, the threat may have passed. Without adequate security
mechanisms in place you got infected, or you were lucky. Proactive
detection is part of what makes security mechanisms adequate.
Without the proactive protection our users would
have been exposed to the malicious software, possibly resulting in
infection and compromise of their computers.