What is the minimum number of AV-applications required?

Posted by Mattias Sandström on October 12, 2009

Started the computer this Monday morning and scanned through the mails. One particular item caught my attention with the subject “You've received a postcard” from 123greetings.com. The message contained a ZIP-file. What piqued my curiosity is that this email ducked under the McAfee AV-solution running on the mail-server... To make matters worse, the Trend solution running on my machine did not object to the file either which made me even more interested - two major AV-solutions not flagging this file...?

Scanning this with VirusTotal.com revealed the truth, 15 of 41 AV-solutions flagged this file as infected! Excerpt from the list of results:

As it looks like two AV-solutions from various vendors is not enough so I installed Microsoft Security Essentials which immediately found the file when unzipping the attachment.

Monday mornings is probably the best time to spread viruses...

UPDATE: at 08:00 CEST Tuesday morning all AV-solutions correctly identified this virus and blocked it both at the mail-server and on the client.


-- Mattias Sandström