Why your AV solution is ineffective against today's email-borne threats presented at Virus Bulletin 2010

by Greg Leah (Symantec Hosted Services, formerly MessageLabs)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2010/abstracts/Leah.xml

Summary : "
The onslaught of mass email attacks has become a daily occurrence in the industry with which many AV companies have
struggled to cope. In attempting to combat these threats, signature-based engines have become ineffective when compared
to heuristic engines. With attack runs lasting just minutes and the significant time required for signature deployment,
any company that does not have advanced heuristic detection for a zero-day threat before it is launched will inevitably
have customers affected.
Furthermore, targeted email attacks are slipping through signature-based scanners completely under the radar. Many of
these so-called 'spear-phishing' attacks use unique malicious documents that are sent to only a handful of potential
victims. Such intrusions were thrown into the media spotlight recently following the highly publicised 'Aurora' attacks,
which resulted in the penetration of Google, Adobe and some 32 other companies including defence contractors and financial
institutions.
This paper will use recent mass email attacks as well as small, covert targeted attacks to illustrate some current
challenges faced by the AV industry. In particular, it will expose some major shortcomings of traditional signature-based
AV. These include a lack of protection against zero-day email attacks launched from botnets and the inability to shield
customers from stealthy targeted attacks. Conversely, it will highlight some of the benefits in these areas of moving
towards a cloud-based heuristic solution. The argument will be backed up by real-world data gathered from live email attacks
against corporations, SMBs, and public sector institutions. "