Page 1:

Supplied on web site on January 10th, 2008

Reducing Risk Through Incremental Malware Detection

January 2008

Page 2:

Incremental Detection

Every day we test 3rd party products to measure the incremental detection we can offer our customers.

[Chart: actual data from January 9th, 2008]

Page 3:

Reducing Risk Through Incremental Detection

• The previous slide illustrates the results from our 3rd party product tests for January 9th, 2008

• The following slides show the backup information available on the samples used for testing. All of the test samples shown overleaf were first seen and harvested on the day of the tests.

• This information is available daily, free of charge, to security vendors, industry analysts and major corporations to enable them to independently verify or challenge our testing.
 – To register for access to this information, use the link below:
 • http://www.prevx.com/register.asp

Page 4:

Reducing Risk Through Incremental Detection

[Table: test samples for January 9th, 2008, listed by MD5, with each vendor's result (Detected / Undetected); actual data]

Page 5:

Reducing Risk Through Incremental Detection

Page 6:

Reducing Risk Through Incremental Detection

[Chart: vendor results per sample (Detected / Undetected); actual data]

Page 7:

Reducing Risk Through Incremental Detection

July 17th, 2007

Page 8:

Reducing Risk Through Incremental Detection

This is a new version of the Trojan.Gorhax information stealer, which infiltrated the US Department of Transportation and many major US corporations in July 2007.

Page 9:

Reducing Risk Through Incremental Detection

[Chart: vendor results per sample (Detected / Undetected); actual data]

Page 10:

Reducing Risk Through Incremental Detection

• Our daily test results show every sample tested
 – Which vendors detected each sample
 – The MD5 hash of each sample
 – The Prevx summary of the sample's observed behaviour
 – The identity of the sample as seen in the wild

• Incremental detection test results, plus history back to July 2007, are available 24 hours a day online, free of charge
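The slide lists the fields each daily report carries (MD5, which vendors detected the sample, the behaviour summary, the in-the-wild name) but not how "incremental detection" is computed from them. The script below is an added example, not Prevx code: it parses a constructed report in that shape and counts, for a chosen incumbent product, how many samples the candidate product catches that the incumbent misses. The vendor names VendorA and VendorB, the hashes and the behaviour strings are all made up for the example.

```python
"""Compute incremental detection from a daily per-sample results list.

Added example; not Prevx's code or report format. Rows carry the fields the
slide names (MD5, detecting vendors, behaviour summary, in-the-wild name).
All sample data is constructed for the example.
"""
import csv
import hashlib
import io
import re

# Constructed rows. Hashes, file names and vendor names are placeholders.
DAILY_RESULTS_CSV = """\
md5,detected_by,behaviour,seen_as
0123456789abcdef0123456789abcdef,VendorA;Prevx,Injects into explorer.exe and steals form data,update.exe
fedcba9876543210fedcba9876543210,Prevx,Downloads further components over HTTP,setup.exe
00ff00ff00ff00ff00ff00ff00ff00ff,VendorA;VendorB;Prevx,Adds Run key and disables firewall,svchost32.exe
11aa11aa11aa11aa11aa11aa11aa11aa,VendorB,Keylogger writing to %TEMP%,ksrv.exe
22bb22bb22bb22bb22bb22bb22bb22bb,,Unknown packer; no detection,photo.scr
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def md5_hex(data: bytes) -> str:
    """MD5 of a sample's bytes, lower-case hex, as used to key each row."""
    return hashlib.md5(data).hexdigest()


def parse_results(text: str) -> list:
    """Parse the CSV; 'detected_by' becomes a set of vendor names.

    A malformed MD5 is rejected rather than silently mismatching later
    lookups by hash.
    """
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        md5 = row["md5"].strip().lower()
        if not MD5_RE.match(md5):
            raise ValueError(f"malformed MD5 in results: {row['md5']!r}")
        vendors = {v.strip() for v in row["detected_by"].split(";") if v.strip()}
        rows.append({"md5": md5, "detected_by": vendors,
                     "behaviour": row["behaviour"], "seen_as": row["seen_as"]})
    return rows


def find_by_hash(rows: list, data: bytes):
    """Look up the report row for a sample by hashing its bytes."""
    h = md5_hex(data)
    return next((r for r in rows if r["md5"] == h), None)


def incremental_detection(rows: list, incumbent: str, candidate: str) -> dict:
    """Split samples by who detected them.

    'candidate_only' is the incremental detection the candidate adds to a
    site already running the incumbent product.
    """
    stats = {"total": 0, "both": 0, "incumbent_only": 0,
             "candidate_only": 0, "neither": 0}
    for r in rows:
        inc = incumbent in r["detected_by"]
        cand = candidate in r["detected_by"]
        stats["total"] += 1
        if inc and cand:
            stats["both"] += 1
        elif inc:
            stats["incumbent_only"] += 1
        elif cand:
            stats["candidate_only"] += 1
        else:
            stats["neither"] += 1
    return stats


def added_coverage(stats: dict) -> float:
    """Fraction of the day's samples caught only because the candidate was present."""
    return stats["candidate_only"] / stats["total"] if stats["total"] else 0.0


if __name__ == "__main__":
    rows = parse_results(DAILY_RESULTS_CSV)
    for incumbent in ("VendorA", "VendorB"):
        s = incremental_detection(rows, incumbent, "Prevx")
        print(incumbent, s, f"added coverage {added_coverage(s):.0%}")
```

Two caveats a reader of such reports should keep in mind: the MD5 identifies an exact file, so a repacked copy of the same malware is a different sample and a different row, and the "neither" bucket is only as honest as the sample source, which here is the candidate vendor's own feed.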

Page 11:

Reducing Risk Through Incremental Detection

• How does Prevx consistently see so many new malicious objects that are undetected by many other vendors?
 – Every Prevx product shares knowledge of suspicious software seen by our client base
 – Prevx learns about 80,000+ new executable objects every day from thousands of new and existing Prevx CSI and Prevx 2.0 customers
 – Prevx receives 3 Gigabytes of new unique suspicious samples every day
 – Prevx has a massively powerful, scalable and automated research facility that determines 7,000 to 10,000 new malicious objects every day
 – Our capabilities actually improve geometrically with volume, where most vendors struggle to keep pace

Page 12:

Reducing Risk Through Incremental Detection

• Is it true that other vendors could claim they detect malware that Prevx doesn't?
 – Yes, it is. However, as other vendors do not make their test data available like we do, it is difficult to quantify. We support open disclosure on malware detection scores; we wish other vendors would too.
 – We focus our testing on demonstrating the incremental detection that Prevx can offer to a company already using another vendor's product

Page 13:

Reducing Risk Through Incremental Detection

• How does Prevx make its incremental detection available?
 – Prevx CSI: a small, ultra-fast on-demand malware detection scanner, available free to consumers and business
  • http://www.prevx.com/freescan.asp
 – Prevx eSAC: pre-transaction malware screening allowing banks, brokerages and eCommerce web sites and their customers to reduce online fraud
  • http://www.prevx.com/esac.asp
 – Prevx 2.0: powerful anti-malware protection and cleanup
  • http://www.prevx.com/antimalware.asp
 – Prevx CSI+: CSI plus powerful disinfection, remediation and cleanup
 – Prevx NAC Plug-in: incremental malware screening for those seeking faster, more powerful detection
 – Prevx OEM: incremental detection and remediation technologies

Page 14:

Reducing Risk Through Incremental Detection

Malware Volumes Are Growing Exponentially

Page 15:

Reducing Risk Through Incremental Detection

• Prevx CSI found that, of 1,100,000 PCs screened between October 2007 and January 9th, 2008, at least one in six had one or more active infections

• Malware volumes are rising exponentially

• In the month of October 2007 alone, more new malicious objects were seen for the first time than were seen in the previous ten years

• Managing the increase in malware volumes is key to detection rates for all vendors

• Prevx has designed its automated malware research facilities to thrive in this environment and as a result our incremental detection rates are improving month on month

Page 16:

Reducing Risk Through Incremental Malware Detection

Prevx CSI

“Prevx… it’s incremental”

http://www.prevx.com

Sample screen shots of Prevx CSI follow

Page 17:

Prevx CSI Incremental Malware Detection

Prevx CSI is 600 KB, requires no installation and screens any PC or server for active malware infections in less than 1 minute. In October 2007, 300,000 users screened their PC with Prevx CSI; one in six PCs had at least one active malware infection. Prevx CSI is compatible with Windows XP, 2000, 2003 and Vista, and with all popular security applications.

http://www.prevx.com/freescan.asp

Page 18:

Prevx CSI Incremental Malware Detection For Businesses

[Screenshot: Prevx CSI for Businesses console showing PC1, PC2 and PC3 grouped under a Report Group]

To access the free Prevx CSI Incremental Detection Scanner For Businesses: http://www.prevx.com/registration.asp

Page 19:

Prevx CSI Incremental Malware Detection For Businesses

[Screenshot: the PC1 report within the Report Group]

Page 20:

Prevx eCommerce Site Access Control (eSAC)

Page 21:

Prevx eSAC walk-thru

Enrolment – On arrival at an eSAC-enabled site the visitor has the option to enrol in the eSAC system:

Page 22:

Prevx eSAC walk-thru

Enrolment – The enrolment procedure clearly outlines the 3 steps required by the user to download and install the eSAC client:

Page 23:

Prevx eSAC walk-thru

Enrolment – Once installation is complete, an initial eSAC scan is run in order to baseline the client machine.

Page 24:

Prevx eSAC walk-thru

Logon Procedure – A clean scan (no known malware detected on the client) allows the user to log on with their personal credentials.

Page 25:

Prevx eSAC walk-thru

Logon Procedure – If malware is found during the scan, the eSAC scan dialogue immediately changes to a RED status.

Page 26:

Prevx eSAC walk-thru

Logon Procedure – If a malware infection is found during the eSAC scan, the user is forwarded to the following webpage, where they have the option to log on with a known infection or to rescan to confirm.

Page 27:

Prevx eSAC walk-thru

Phishing and DNS poisoning detection – Because eSAC offers domain and DNS monitoring, hosts-file and DNS-based browser redirection is automatically detected when the user attempts to log on to a malicious site.

Page 28:

Prevx eSAC walk-thru

Phishing and DNS poisoning detection – Prior to running a malware scan on the client machine, the IP address and DNS resolution for the site are checked. The example below illustrates that the client is attempting to log on via an invalid or unknown IP for the domain:

Page 29:

Prevx eSAC walk-thru

Phishing and DNS poisoning detection – This further example illustrates the notification to the user when DNS poisoning is detected by the eSAC client.

Page 30:

Prevx eSAC walk-thru

Phishing and DNS poisoning detection – The final dialogue confirms that the eSAC client has reset the local DNS to a safe IP and indicates that a reboot is required to finalise the change.

Page 31:

For further information about Prevx CSI, eSAC and Prevx 2.0:

http://www.prevx.com/contactus.asp