IronPort Threat Operations Center

The 24x7x365 IronPort Threat Operations Center provides human oversight to ensure speed and accuracy. Experienced analysts use sophisticated tools to verify anomalies and approve automatically generated Outbreak Rules.

What is a Virus Outbreak?

Of the email-based viruses that occur on a daily basis, only a few qualify for Virus Outbreak status. For a virus to be classified as an outbreak, it must:

  • be a new virus (or a new variant of an existing known virus),
  • have moderate to significant damage potential,
  • have a widespread distribution, and
  • be an infection that IronPort has seen several instances of, from varied sources.

If any of these occurrences satisfies the above criteria, our Threat Operations Center (TOC) investigates the incident and issues outbreak rules to protect our customers.

Current Virus Outbreak Threat Level

Virus Outbreak Threat Level
Red - Virus Outbreak In Progress
Orange - Virus Outbreak In Last 24 Hours
Green - No Virus Outbreak In Last 24 Hours

 

Virus Outbreaks in the Last 24 Hours (Last Updated: May 24, 2013)

Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant
Trojan variant

Virus Outbreak Filters Lead Times

Below are the 20 most recent outbreaks tracked by the IronPort Threat Operations Center and the lead time that IronPort Virus Outbreak Filters provided for each, relative to the signature times of several other anti-virus vendors.

Legend: Zero Hour Detection; Post Zero Hour Detection

All times are GMT and in 24-hour format.

| Virus Name | IronPort | Sophos | McAfee | Trend Micro | Symantec |
|---|---|---|---|---|---|
| Troj/Bancos-BVQ | 05/23/2013 04:57 | +0d 7h 18m | Not Published | Not Published | Not Published |
| Troj/Zbot-FGS | 05/23/2013 02:45 | +0d 9h 30m | Not Published | Not Published | +0d 2h 30m |
| Troj/DwnLdr-KWI | 05/23/2013 01:53 | +0d 10h 22m | Not Published | Not Published | Not Published |
| Troj/DwnLdr-KWJ | 05/23/2013 00:58 | +0d 11h 17m | Not Published | Not Published | Not Published |
| Troj/Zbot-FGQ | 05/23/2013 00:20 | +0d 11h 55m | Not Published | Not Published | +0d 13h 55m |
| Troj/Zbot-FGO | 05/22/2013 15:48 | +0d 20h 27m | Not Published | Not Published | +0d 13h 27m |
| Troj/Zbot-FGM | 05/22/2013 15:33 | +0d 20h 42m | Not Published | +0d 16h 22m | Not Published |
| Troj/AutoIt-TT | 05/22/2013 14:57 | +0d 21h 18m | Not Published | Not Published | +0d 7h 8m |
| Troj/Zbot-FGO | 05/22/2013 14:40 | +0d 21h 35m | Not Published | +0d 15h 5m | +0d 14h 35m |
| Troj/Zbot-FGO | 05/22/2013 13:58 | +0d 22h 17m | Not Published | +0d 3h 17m | +0d 8h 7m |
| Troj/Zbot-FGO | 05/22/2013 13:23 | +0d 22h 52m | Not Published | +0d 3h 52m | +0d 15h 52m |
| Troj/Fareit-AT | 05/22/2013 10:07 | +1d 2h 8m | Not Published | +0d 4h 53m | +0d 11h 58m |
| Troj/Fareit-AR | 05/22/2013 09:30 | +1d 2h 45m | Not Published | Not Published | +0d 12h 35m |
| Trojan variant | 05/22/2013 07:45 | Not Published | Not Published | +0d 9h 30m | +0d 14h 20m |
| Troj/Agent-ABSK | 05/22/2013 06:31 | +1d 5h 44m | Not Published | Not Published | +0d 15h 34m |
| Troj/Zbot-FFU | 05/22/2013 06:15 | +1d 6h 0m | +1d 9h 30m | +0d 15h 30m | +0d 15h 50m |
| Troj/DwnLdr-KVG | 05/22/2013 05:36 | +1d 6h 39m | Not Published | Not Published | Not Published |
| Troj/Banloa-OH | 05/22/2013 01:49 | +0d 8h 56m | Not Published | Not Published | Not Published |
| Troj/Banloa-OG | 05/22/2013 00:45 | +1d 11h 30m | +0d 16h 45m | Not Published | Not Published |
| Troj/VBInj-FN | 05/22/2013 00:05 | +1d 12h 10m | Not Published | Not Published | Not Published |

Note: The AV signature times referenced are the first publicly published signature times. If a signature time is not available, the first publicly published alert time is used. Generic signatures are not included.