Why your AV solution is ineffective against today's email-borne threats

Greg Leah Symantec Hosted Services (formerly MessageLabs)

  download slides (PDF)

The onslaught of mass email attacks has become a daily occurrence in the industry with which many AV companies have struggled to cope. In attempting to combat these threats, signature-based engines have become ineffective when compared to heuristic engines. With attack runs lasting just minutes and the significant time required for signature deployment, any company that does not have advanced heuristic detection for a zero-day threat before it is launched will inevitably have customers affected.

Furthermore, targeted email attacks are slipping through signature-based scanners completely under the radar. Many of these so-called 'spear-phishing' attacks use unique malicious documents that are sent to only a handful of potential victims. Such intrusions were thrown into the media spotlight recently following the highly publicised 'Aurora' attacks, which resulted in the penetration of Google, Adobe and some 32 other companies including defence contractors and financial institutions.

This paper will use recent mass email attacks as well as small, covert targeted attacks to illustrate some current challenges faced by the AV industry. In particular, it will expose some major shortcomings of traditional signature-based AV. These include lack of protecting against zero-day email attacks launched from Botnets and the inability to shield customers from stealthy targeted attacks. Conversely, it will highlight some of the benefits in these areas of moving towards a cloud-based heuristic solution. The argument will be backed up by real-world data gathered from live email attacks against corporations, SMBs, and public sector institutions.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.