Over the past few days, “flash viruses” have been appearing on networks. These are Trojans (or Trojan horses) that spread very quickly, even before antivirus software has had time to update its signature database. What’s more, these viruses disappear very quickly, and their lifespan does not exceed 12 hours. That’s why it’s so important for Internet users to have solutions other than a simple antivirus to protect their IT tools from damage.
So, on the night of November 19-20, 2013, our ALTOSPAM platforms detected a first email containing a dangerous executable at 22:49:14. The last email containing this risky attachment was registered at 04:01:09. For your information, the virus was not identified on November 19 by any of the antivirus programs on the market (test carried out on 58 known antivirus programs), and was detected by only 13 antivirus programs out of 58 at the end of the period during which the infected emails were sent.
Another virus had been highlighted by our system during the day on November 7, 2013: the first email containing the virus in question reached us at 14:55:39 and the last arrived the following day at 10:19:47. Most of these high-risk emails were sent between 3pm and 5pm. NOD32, one of our ALTOSPAM anti-virus solutions, was the first to block the virus on 7/11 at 16:46:40, less than 2 hours after receiving the first infected email. A second antivirus from our email security solution quarantined the virus a few hours later. This virus is now detected by 29 out of 47 antivirus programs.
These examples highlight the fact that antivirus software is slow to update when computer viruses appear. Until they are aware of these viruses, they are unable to integrate them into their signature database. That’s why, even if you had all the antivirus software available on the market, you’d never be sure of complete and lasting protection.
Although our e-mail security solution incorporates 4 complementary antivirus programs, the November 19th virus nevertheless passed through these antivirus programs unchallenged, for the reasons outlined above. However, the ALTOSPAM system immediately blocked these emails containing the dangerous executable, thanks in particular to anti-spam rules and suspicious attachment recognition technology.
This news reinforces our vigilance in improving our anti-spam rules on a daily basis, so as to include this anti-virus issue as a matter of course, to ensure that dubious e-mail attachments are systematically rejected. ALTOSPAM was developed with this in mind.
Last but not least, it’s essential to raise awareness among Internet users, and in particular to avoid opening suspicious attachments under any circumstances!