Supplied on web site on January 10th, 2008
Reducing Risk Through Incremental Malware Detection
January 2008
Incremental Detection
Every day we test 3rd party products to measure the incremental detection we can offer our customers.
Actual data from January 9th, 2008
Reducing Risk Through Incremental Detection
• The previous slide illustrates the results from our 3rd party product tests for January 9th, 2008.
• The following slides show the backup information available on the samples used for testing. All of the test samples shown overleaf were first seen and harvested on the day of the tests.
• This information is available daily, free of charge, to security vendors, industry analysts and major corporations to enable them to independently verify or challenge our testing.
– To register for access to this information, use the link below:
• http://www.prevx.com/register.asp
[Tables: daily test results for January 9th, 2008 (actual data): Detected / Undetected per vendor, with the MD5 of each sample]
July 17th, 2007
This is a new version of the Trojan.Gorhax information stealer, which infiltrated the US Department of Transportation and many major US corporations in July 2007.
[Table: test results for the Trojan.Gorhax sample (actual data): Detected / Undetected per vendor]
• Our daily test results show every sample tested:
– Which vendors detected each sample
– The MD5 hash of each sample
– The Prevx summary of the sample’s observed behavior
– The identity of the sample as seen in the wild
• Incremental detection test results, plus history back to July 2007, are available 24 hours a day online, free of charge.
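The slides describe the daily test record (sample MD5, per-vendor detection, behaviour summary) and the "incremental detection" figure derived from it. The following is an added example, not Prevx's code or data: it takes constructed records (synthetic placeholder digests and invented vendor names, not real hashes) and computes, for each vendor, the samples that the reference product caught and that vendor missed, plus the honest counter-view raised later in the deck (samples the reference product itself missed).

```python
"""Deriving an 'incremental detection' figure from daily test records.

Added example, not Prevx's code. All records below are constructed:
the MD5 values are synthetic placeholders and the vendor names are invented.
"""
import re
from collections import defaultdict

# Constructed daily test records: which products flagged each sample.
SAMPLES = [
    {"md5": "0f1e2d3c4b5a69788796a5b4c3d2e1f0",
     "behaviour": "keylogger, posts captured data to a remote host",
     "detected_by": {"Prevx", "VendorA"}},
    {"md5": "a1b2c3d4e5f60718293a4b5c6d7e8f90",
     "behaviour": "downloader, disables the local firewall",
     "detected_by": {"Prevx"}},
    {"md5": "ffeeddccbbaa99887766554433221100",
     "behaviour": "rogue anti-spyware installer",
     "detected_by": {"Prevx", "VendorA", "VendorB"}},
    {"md5": "00112233445566778899aabbccddeeff",
     "behaviour": "rootkit driver",
     "detected_by": {"VendorB"}},
    # Malformed record, kept to show that validation drops it.
    {"md5": "not-a-hash", "behaviour": "corrupt entry", "detected_by": {"Prevx"}},
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def validate(samples):
    """Keep only records whose MD5 field is a well-formed 32-hex-digit digest."""
    return [s for s in samples if MD5_RE.match(s["md5"].lower())]


def incremental_detection(samples, reference="Prevx"):
    """Per vendor, the samples the reference product detected but that vendor missed.

    Returns {vendor: [md5, ...]} in sample order; vendors with no misses map to [].
    """
    vendors = set().union(*(s["detected_by"] for s in samples)) - {reference}
    missed = defaultdict(list)
    for s in samples:
        if reference in s["detected_by"]:
            for v in vendors - s["detected_by"]:
                missed[v].append(s["md5"])
    return {v: missed[v] for v in sorted(vendors)}


def missed_by_reference(samples, reference="Prevx"):
    """Samples that some other product caught but the reference product did not."""
    return [s["md5"] for s in samples if reference not in s["detected_by"]]


def summarize(samples, reference="Prevx"):
    """Incremental detection per vendor as a percentage of reference-detected samples."""
    base = sum(1 for s in samples if reference in s["detected_by"])
    return {v: (round(100 * len(m) / base, 1) if base else 0.0)
            for v, m in incremental_detection(samples, reference).items()}


if __name__ == "__main__":
    clean = validate(SAMPLES)
    print("incremental:", incremental_detection(clean))
    print("percent:", summarize(clean))
    print("missed by reference:", missed_by_reference(clean))
```

The metric is a plain set difference per sample, which is why publishing the per-sample, per-vendor table (as the deck says it does) is what makes the figure verifiable: anyone with the table can recompute it, and can also compute the reverse figure.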
• How does Prevx consistently see so many new malicious objects that are undetected by many other vendors?
– Every Prevx product shares knowledge of suspicious software seen by our client base
– Prevx learns about 80,000+ new executable objects every day from thousands of new and existing Prevx CSI and Prevx 2.0 customers
– Prevx receives 3 Gigabytes of new unique suspicious samples every day
– Prevx has a massively powerful, scalable and automated research facility that identifies 7,000 to 10,000 new malicious objects every day
– Our capabilities actually improve geometrically with volume, where most vendors struggle to keep pace
• Is it true that other vendors could claim they detect malware that Prevx doesn’t?
– Yes, it is. However, as other vendors do not make their test data available as we do, it is difficult to quantify. We support open disclosure of malware detection scores, and we wish other vendors would too.
– We focus our testing on demonstrating the incremental detection that Prevx can offer to a company already using another vendor’s product
• How does Prevx make its incremental detection available?
– Prevx CSI: a small, ultra-fast on-demand malware detection scanner, available free to consumers and business
• http://www.prevx.com/freescan.asp
– Prevx eSAC: pre-transaction malware screening allowing banks, brokerages and eCommerce web sites and their customers to reduce online fraud
• http://www.prevx.com/esac.asp
– Prevx 2.0: powerful anti-malware protection and cleanup
• http://www.prevx.com/antimalware.asp
– Prevx CSI+: CSI plus powerful disinfection, remediation and cleanup
– Prevx NAC Plug-in: incremental malware screening for those seeking faster, more powerful detection
– Prevx OEM: incremental detection and remediation technologies
Malware Volumes Are Growing Exponentially
• Prevx CSI proved that, out of 1,100,000 PCs screened between October 2007 and January 9th, 2008, at least one in six PCs had one or more active infections
• Malware volumes are rising exponentially
• In the month of October 2007 alone, more new malicious objects were seen for the first time than were seen in the previous ten years
• Managing the increase in malware volumes is key to detection rates for all vendors
• Prevx has designed its automated malware research facilities to thrive in this environment, and as a result our incremental detection rates are improving month on month
Reducing Risk Through Incremental Malware Detection
Prevx CSI
“Prevx….. it’s incremental”
http://www.prevx.com
Sample screen shots of Prevx CSI follow
Prevx CSI Incremental Malware Detection
Prevx CSI is 600Kb, requires no installation and screens any PC or Server for active malware infections in less than 1 minute. In October 2007, 300,000 users screened their PC with Prevx CSI. One in six PCs had at least one active malware infection. Prevx CSI is compatible with Windows XP, 2000, 2003, Vista and all popular security applications.
http://www.prevx.com/freescan.asp
Prevx CSI Incremental Malware Detection For Businesses
[Screenshot: Prevx CSI For Businesses console, with PC1, PC2 and PC3 grouped under a Report Group]
To access the free Prevx CSI Incremental Detection Scanner For Businesses: http://www.prevx.com/registration.asp
[Screenshot: Prevx CSI For Businesses report view for PC1 within its Report Group]
Prevx eCommerce Site Access Control (eSAC)
Prevx eSAC walk-thru
Enrolment – On arrival at an eSAC-enabled site, the visitor has the option to enrol in the eSAC system:
Enrolment – The enrolment procedure clearly outlines the 3 steps required by the user to download and install the eSAC client:
Enrolment – Once installation is complete, an initial eSAC scan is run in order to baseline the client machine.
Logon Procedure – A clean scan results in the user being able to log on with their personal credentials without fear of identity theft.
Logon Procedure – If malware is identified during the scan, the eSAC scan dialogue immediately changes to a RED status.
Logon Procedure – If a malware infection is found during the eSAC scan, the user is forwarded to the following web page, where they have the option to log on with a known infection or to rescan to confirm.
Phishing and DNS poisoning detection – Because eSAC offers domain and DNS monitoring, hosts-file and DNS-based browser redirection is automatically detected when the user attempts to log on to a malicious site.
Phishing and DNS poisoning detection – Before running a malware scan on the client machine, the IP address and DNS resolution for the site are checked. The example below illustrates the client attempting to log on via an invalid or unknown IP for the domain:
Phishing and DNS poisoning detection – This further example illustrates the notification shown to the user when DNS poisoning is detected by the eSAC client.
Phishing and DNS poisoning detection – The final dialogue confirms that the eSAC client has reset the local DNS to a safe IP and indicates that a reboot is required to finalise the change.
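The walk-thru describes two pre-logon checks: whether a local hosts-file entry overrides the site's name, and whether the name resolves to an address the site is known to use. The following is an added example, not Prevx eSAC code, modelling those two checks only (it does not perform the DNS reset the last dialogue describes). The expected-address table, the hosts-file text and the resolver answers are all constructed here, using documentation-range IP addresses, and the resolver is injected as a function so the check runs offline.

```python
"""Pre-logon check for hosts-file and DNS-based redirection of a site name.

Added example, not Prevx eSAC code. EXPECTED, HOSTS_FILE and the resolver
answers are constructed; a real deployment would obtain the expected
addresses from the site operator and call the system resolver.
"""
import ipaddress

# Constructed: addresses the site is known to use (RFC 5737 documentation range).
EXPECTED = {"bank.example": {"203.0.113.10", "203.0.113.11"}}

# Constructed hosts-file contents: a normal localhost line and one injected redirection.
HOSTS_FILE = """# hosts file (constructed sample)
127.0.0.1   localhost
198.51.100.7   bank.example www.bank.example   # added without the user's knowledge
"""


def parse_hosts(text):
    """Return {hostname: ip} for every name mapped in a hosts file."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)          # skip lines whose first field is not an address
        except ValueError:
            continue
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def check_site(domain, resolver, hosts_text=HOSTS_FILE, expected=EXPECTED):
    """Classify the path to `domain` before a logon is allowed.

    `resolver(domain)` returns the address string the system resolver answers
    with (injected so the example runs offline). The hosts file is checked first
    because it takes precedence over DNS on the client. Returns (status, address)
    with status one of "hosts_override", "dns_mismatch" or "ok".
    """
    domain = domain.lower()
    known = expected.get(domain, set())
    hosts = parse_hosts(hosts_text)
    if domain in hosts and hosts[domain] not in known:
        return "hosts_override", hosts[domain]
    resolved = resolver(domain)
    if resolved not in known:
        return "dns_mismatch", resolved
    return "ok", resolved


def fake_resolver(answers):
    """Build an offline stand-in for DNS resolution from a constructed answer table."""
    return lambda name: answers.get(name.lower(), "0.0.0.0")


if __name__ == "__main__":
    good = fake_resolver({"bank.example": "203.0.113.10"})
    poisoned = fake_resolver({"bank.example": "198.51.100.9"})
    print(check_site("bank.example", good))                    # hosts file wins: hosts_override
    print(check_site("bank.example", good, hosts_text=""))     # ok
    print(check_site("bank.example", poisoned, hosts_text=""))  # dns_mismatch
```

The order matters: a hosts-file entry is consulted before DNS, so a clean DNS answer says nothing if the hosts file has already been rewritten, which is why the check above reports the hosts override first. An unknown but legitimate address (for example after the site operator changes hosting) would also be flagged, so the expected-address table has to be kept current by the site, not by the client.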
For further information about Prevx CSI, eSAC and Prevx 2.0:
http://www.prevx.com/contactus.asp