The beauty of having a system that works automatically is that we don’t necessarily notice big outbreaks until they’ve already happened and been blocked (and even then we need to go looking for them). That’s what turned out to have been happening over the last couple of weeks, when the makers of the Stration malware (one of the original server-side polymorphic malware families, which we reported on last year) decided to resuscitate it and show the world that it ain’t dead yet. Starting in late November 2007, massive numbers of Stration variants were detected and blocked by Commtouch’s Zero Hour Virus Outbreak Protection service.
How did I happen to notice it? I periodically check our Malware Outbreak Center to see what’s new, and suddenly noticed 50(!) entries on December 4th. Email-borne malware attachments have been on the decline of late, displaced by “blended threats,” i.e. innocuous-looking emails carrying hyperlinks to malware-hosting sites, so seeing 50 malware attachments in the Outbreak Center on a single day was pretty unusual. So I went back to our lab guys, who confirmed that we were indeed in the middle of a massive Stration outbreak. Here’s some data they pulled on the outbreak: