Through Proofpoint’s research, more than 90% of targeted attacks start with email, and these threats are always evolving. In March 2016 we deployed our new spam-trap system, which is built around normal user scenarios. This means we harvest the freshest malicious binaries being delivered through email in exactly the way ordinary end users receive them. Most of them are brand new: we checked some of them and found that a certain percentage had never been seen before on VirusTotal. Let’s look at an example:
40E18A472F6970A95DE30151241EE3C4.eml
I checked the hash against the VirusTotal database and found no record. I then uploaded the script to VirusTotal, and here is the result of the first run.
https://www.virustotal.com/en/file/905e5ed4cf57cbcf650fd0a23db038f7fb87cf4c0f35bface3e8b7b1f26165bc/analysis/1486301379/
| Detection ratio: | 5 / 54 |
| Analysis date: | 2017-02-05 13:29:39 UTC (3 minutes ago) |

| Antivirus | Result | Update |
| --- | --- | --- |
| Antiy-AVL | Trojan/Generic.ASVCS3S.428 | 20170205 |
| F-Secure | Trojan:JS/Kavala.D | 20170205 |
| Fortinet | JS/Nemucod.CDR!tr | 20170205 |
| Microsoft | TrojanDownloader:JS/Swabfex.P | 20170205 |
| Sophos | Mal/DrodZp-A | 20170205 |
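As an added example (not code from the original post or from Proofpoint), the hash-first triage step described above can be scripted so that an analyst never uploads a sample whose report already exists: hash the attachment, query the VirusTotal v3 file-report endpoint by SHA-256, and treat only an HTTP 404 as "never-before-seen". The endpoint and the `x-apikey` header are the real v3 API; the API key, the sample bytes and the report used for the offline run are constructed placeholders, and the `lookup` callable is injectable so the decision logic runs without network access.

```python
import hashlib
import json
import urllib.error
import urllib.request
from typing import Callable, Optional

# VirusTotal v3 file-report endpoint (real API; the key goes in the x-apikey header).
VT_FILES_ENDPOINT = "https://www.virustotal.com/api/v3/files/"


def file_hashes(data: bytes) -> dict:
    """Return the MD5, SHA-1 and SHA-256 hex digests of the attachment bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def lookup_hash(sha256: str, api_key: str) -> Optional[dict]:
    """Fetch an existing VirusTotal report by hash.

    Returns None on HTTP 404, which is how VirusTotal signals a file it has
    never seen. Checking the hash first avoids uploading the sample at all when
    a report already exists.
    """
    req = urllib.request.Request(VT_FILES_ENDPOINT + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize_report(report: dict) -> dict:
    """Reduce a v3 file report to a detection ratio plus the engines that flagged it."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sorted(
        (engine, entry["result"])
        for engine, entry in results.items()
        if entry["category"] in ("malicious", "suspicious")
    )
    return {
        "detections": len(flagged),
        "engines": len(results),
        "ratio": f"{len(flagged)} / {len(results)}",
        "flagged": flagged,
    }


def triage_attachment(data: bytes, api_key: str,
                      lookup: Callable[[str, str], Optional[dict]] = lookup_hash) -> dict:
    """Hash an attachment and decide whether it is new to VirusTotal."""
    hashes = file_hashes(data)
    report = lookup(hashes["sha256"], api_key)
    if report is None:
        # Never-before-seen: this is the point at which the sample would be submitted.
        return {"hashes": hashes, "known": False, "summary": None}
    return {"hashes": hashes, "known": True, "summary": summarize_report(report)}


# Constructed stand-in for a v3 report: the five engines named on the page plus
# 49 placeholder engines marked undetected, reproducing the page's 5 / 54 ratio.
_FLAGGED = {
    "Antiy-AVL": "Trojan/Generic.ASVCS3S.428",
    "F-Secure": "Trojan:JS/Kavala.D",
    "Fortinet": "JS/Nemucod.CDR!tr",
    "Microsoft": "TrojanDownloader:JS/Swabfex.P",
    "Sophos": "Mal/DrodZp-A",
}
CONSTRUCTED_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_results": {
                **{name: {"category": "malicious", "result": verdict}
                   for name, verdict in _FLAGGED.items()},
                **{f"placeholder-engine-{i:02d}": {"category": "undetected", "result": None}
                   for i in range(49)},
            }
        }
    }
}

if __name__ == "__main__":
    sample = b"constructed sample bytes, not the real attachment"
    # Offline runs: one unknown hash, one hash that maps to the constructed report.
    print(triage_attachment(sample, "VT_API_KEY_PLACEHOLDER", lookup=lambda h, k: None))
    print(triage_attachment(sample, "VT_API_KEY_PLACEHOLDER", lookup=lambda h, k: CONSTRUCTED_REPORT))
```

Only `lookup_hash` touches the network; everything else works on the report JSON, so the same summary code can be pointed at a saved report to reproduce a "5 / 54" style ratio after the fact.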