|
Storm Worm Variants Shows New Direction in Malware |
|
|
|
|
SoftScan has announced today the people behind Storm Worm have continued to widely spam variants throughout the weekend, but they are putting a considerable amount of effort into avoiding detection, since each new variant at outbreak specifically designed not to be picked up by anti-virus scanners.
SoftScan submitted several variants of Storm Worm at the beginning of an outbreak to Virustotal, an independent service that is able to check individual files against a number of anti-virus scanners. Only one of the many scanners recognised the file as suspicious. It took one anti-virus company just twenty minutes to release a signature update. However, in that short space of time SoftScan's intelligent scanner, Paranoid, stopped nearly 2600 mails, destined to its customers' inbox. Demonstrating that despite the advancement of generic signatures, the importance of heuristic scanning in combination with other anti-virus techniques should not be underestimated. |
