Today there are 90 servers registered to use the SME Optimizer and the positive effects can now been seen. The attachments that are "bad" stay active quite briefly so getting the signatures ready as fast as possible is crucial to reduce chances of being hit. If you look at the raw extract (just a few entries of the 5034 provided by the SME Optimizer users) from the DB you can see "lifetime" (which is first hit to last hit) is often only few hours and very very few live more than 12 hours. Its is also noticable that .doc is the most commonly use attack vector. So thank you for contributing!
+----------------------------------------------------------+------+---------------------------------------+-----------+
| filename | hits | description | lifetime |
+----------------------------------------------------------+------+---------------------------------------+-----------+
| scan_11183.doc | 277 | Trojan.Downloader.DDE.Gen | 13:33:52 |
| image2017-11-09-3263715.doc | 267 | Win32.Outbreak | 04:05:58 |
| scan_317251.doc | 234 | Trojan.Downloader.DDE.Gen | 13:13:49 |
| scan_252805.doc | 201 | Trojan.Downloader.DDE.Gen | 13:18:56 |
| i_680116.doc | 195 | Trojan.Downloader.DDE.Gen | 06:15:05 |
| dc00097519.doc | 185 | Trojan.Downloader.DDE.Gen | 10:32:25 |
| image2017-11-09-8175658.doc | 172 | Win32.Outbreak | 22:52:32 |
| dc00042988.doc | 166 | Trojan.Downloader.DDE.Gen | 10:36:49 |
| invoice 710939516 10.30.2017.doc | 150 | virus.office.ddeauto | 09:54:29 |
| 20171809_38859766180.7z | 142 | virus.vbs.qexvmc.1090 | 00:03:20 |
| scan_17581.doc | 142 | Trojan.Downloader.DDE.Gen | 13:29:53 |
| dc00020785.doc | 140 | Trojan.Downloader.DDE.Gen | 11:33:27 |
| i_359065.doc | 135 | Trojan.Downloader.DDE.Gen | 05:18:53 |
| i_863200.doc | 117 | Trojan.Downloader.DDE.Gen | 04:43:27 |
| i_965085-1.7z | 114 | virus.vbs.qexvmc.1085 | 05:36:37 |
| invoice 638748365 10.30.2017.doc | 113 | virus.office.ddeauto | 09:48:42 |
| invoice_0622-pdf.arj | 107 | Win32:Evo-gen [Susp] | 119:30:17 |
| advice_892582_20171106.doc | 103 | Win32.Outbreak | 13:33:00 |
| advice_265960_20171106.doc | 101 | Win32.Outbreak | 12:37:21 |
| advice_584041_20171106.doc | 96 | Win32.Outbreak | 11:26:51 |
| new document-94.doc | 95 | virus.office.ddeauto | 01:48:13 |
| 10008003686.7z | 93 | virus.vbs.qexvmc.1080 | 02:06:50 |
| invoice_file_70839.doc | 91 | Trojan.Downloader.DDE.Gen | 03:32:44 |
| invoice 022159576 10.30.2017.doc | 91 | virus.office.ddeauto | 10:19:57 |
| 20171103_363324.doc | 91 | Win32.Outbreak | 02:06:12 |
| 521030362_11_07_2017_42_42_26.doc | 90 | HEUR:Trojan.WinLNK.Agent.gen | 03:33:46 |
| 001997902_11_07_2017_00_34_15.doc | 89 | HEUR:Trojan.WinLNK.Agent.gen | 04:28:33 |
| 20171103_283339.doc | 88 | Win32.Outbreak | 02:01:40 |
| 6018_payment.7z | 87 | virus.vbs.qexvmc.1085 | 00:03:16 |
| payment_201708-570.7z | 86 | virus.js.qexvmc.1075 | 00:49:22 |
| 20171809_60826849235.7z | 86 | virus.vbs.qexvmc.1080 | 00:03:28 |
| dc000450.doc | 84 | Trojan.Downloader.DDE.Gen | 10:17:09 |
| advice_072652_20171106.doc | 84 | Win32.Outbreak | 11:31:47 |
3 Replies
1946 Views