Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: Knuddi on November 10, 2017, 08:41:02 PM
-
Today there are 90 servers registered to use the SME Optimizer and the positive effects can now be seen. The attachments that are "bad" stay active quite briefly, so getting the signatures ready as fast as possible is crucial to reduce the chances of being hit. If you look at the raw extract (just a few entries of the 5034 provided by the SME Optimizer users) from the DB, you can see that "lifetime" (which is first hit to last hit) is often only a few hours and very, very few live more than 12 hours. It is also noticeable that .doc is the most commonly used attack vector. So thank you for contributing!
+----------------------------------------------------------+------+---------------------------------------+-----------+
| filename | hits | description | lifetime |
+----------------------------------------------------------+------+---------------------------------------+-----------+
| scan_11183.doc | 277 | Trojan.Downloader.DDE.Gen | 13:33:52 |
| image2017-11-09-3263715.doc | 267 | Win32.Outbreak | 04:05:58 |
| scan_317251.doc | 234 | Trojan.Downloader.DDE.Gen | 13:13:49 |
| scan_252805.doc | 201 | Trojan.Downloader.DDE.Gen | 13:18:56 |
| i_680116.doc | 195 | Trojan.Downloader.DDE.Gen | 06:15:05 |
| dc00097519.doc | 185 | Trojan.Downloader.DDE.Gen | 10:32:25 |
| image2017-11-09-8175658.doc | 172 | Win32.Outbreak | 22:52:32 |
| dc00042988.doc | 166 | Trojan.Downloader.DDE.Gen | 10:36:49 |
| invoice 710939516 10.30.2017.doc | 150 | virus.office.ddeauto | 09:54:29 |
| 20171809_38859766180.7z | 142 | virus.vbs.qexvmc.1090 | 00:03:20 |
| scan_17581.doc | 142 | Trojan.Downloader.DDE.Gen | 13:29:53 |
| dc00020785.doc | 140 | Trojan.Downloader.DDE.Gen | 11:33:27 |
| i_359065.doc | 135 | Trojan.Downloader.DDE.Gen | 05:18:53 |
| i_863200.doc | 117 | Trojan.Downloader.DDE.Gen | 04:43:27 |
| i_965085-1.7z | 114 | virus.vbs.qexvmc.1085 | 05:36:37 |
| invoice 638748365 10.30.2017.doc | 113 | virus.office.ddeauto | 09:48:42 |
| invoice_0622-pdf.arj | 107 | Win32:Evo-gen [Susp] | 119:30:17 |
| advice_892582_20171106.doc | 103 | Win32.Outbreak | 13:33:00 |
| advice_265960_20171106.doc | 101 | Win32.Outbreak | 12:37:21 |
| advice_584041_20171106.doc | 96 | Win32.Outbreak | 11:26:51 |
| new document-94.doc | 95 | virus.office.ddeauto | 01:48:13 |
| 10008003686.7z | 93 | virus.vbs.qexvmc.1080 | 02:06:50 |
| invoice_file_70839.doc | 91 | Trojan.Downloader.DDE.Gen | 03:32:44 |
| invoice 022159576 10.30.2017.doc | 91 | virus.office.ddeauto | 10:19:57 |
| 20171103_363324.doc | 91 | Win32.Outbreak | 02:06:12 |
| 521030362_11_07_2017_42_42_26.doc | 90 | HEUR:Trojan.WinLNK.Agent.gen | 03:33:46 |
| 001997902_11_07_2017_00_34_15.doc | 89 | HEUR:Trojan.WinLNK.Agent.gen | 04:28:33 |
| 20171103_283339.doc | 88 | Win32.Outbreak | 02:01:40 |
| 6018_payment.7z | 87 | virus.vbs.qexvmc.1085 | 00:03:16 |
| payment_201708-570.7z | 86 | virus.js.qexvmc.1075 | 00:49:22 |
| 20171809_60826849235.7z | 86 | virus.vbs.qexvmc.1080 | 00:03:28 |
| dc000450.doc | 84 | Trojan.Downloader.DDE.Gen | 10:17:09 |
| advice_072652_20171106.doc | 84 | Win32.Outbreak | 11:31:47 |
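
Added example, not part of the original post or of the SME Optimizer code: a small parser for rows in the table format above that totals hits per file extension and lists the attachments whose lifetime ended before a signature would have arrived. The `signature_delay_hours` parameter and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample: six rows copied from the table in the post above.
SAMPLE = """\
| scan_11183.doc | 277 | Trojan.Downloader.DDE.Gen | 13:33:52 |
| invoice 710939516 10.30.2017.doc | 150 | virus.office.ddeauto | 09:54:29 |
| 20171809_38859766180.7z | 142 | virus.vbs.qexvmc.1090 | 00:03:20 |
| i_965085-1.7z | 114 | virus.vbs.qexvmc.1085 | 05:36:37 |
| invoice_0622-pdf.arj | 107 | Win32:Evo-gen [Susp] | 119:30:17 |
| new document-94.doc | 95 | virus.office.ddeauto | 01:48:13 |
"""

# One data row: | filename | hits | description | H+:MM:SS |
ROW = re.compile(
    r"^\|\s*(.+?)\s*\|\s*(\d+)\s*\|\s*(.+?)\s*\|\s*(\d+):(\d\d):(\d\d)\s*\|$")


def parse_rows(text):
    """Parse data rows; border and header lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        name, hits, desc, h, mi, s = m.groups()
        # Filenames may contain spaces and dots; the extension is the last suffix.
        ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
        # Hours are not capped at 23 (e.g. 119:30:17), so convert by hand.
        seconds = int(h) * 3600 + int(mi) * 60 + int(s)
        rows.append({"filename": name, "ext": ext, "hits": int(hits),
                     "description": desc, "lifetime_s": seconds})
    return rows


def summarize(rows, signature_delay_hours=6):
    """Hits per extension, median lifetime, and the attachments whose first-to-last
    hit window closed before a signature with the assumed delay would land."""
    hits_by_ext = Counter()
    for r in rows:
        hits_by_ext[r["ext"]] += r["hits"]
    cutoff = signature_delay_hours * 3600
    return {
        "hits_by_ext": dict(hits_by_ext),
        "median_lifetime_s": median(r["lifetime_s"] for r in rows),
        "over_before_signature": [r["filename"] for r in rows
                                  if r["lifetime_s"] < cutoff],
    }


if __name__ == "__main__":
    print(summarize(parse_rows(SAMPLE)))
```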
-
and thank you for the service!
-
and my 2C...
regards,
stefan
-
Thanks for the reminder, I just added one more to the installed base :D