CTO Amir Lev on the Command AV acquisition and current malware trends

Commtouch recently acquired Command, the antivirus division of Authentium. We had a quick chat with Amir Lev, Commtouch CTO and president, to discuss the current state of global virus activity and the Command AV SDK.

What are current malware trends? 

The latest trends involve combined threats – emails with an HTML attachment or embedded hyperlink that leads to a site with malware or phishing schemes. The malware may add your computer to a global botnet or include Trojans for stealing banking and email passwords, all while hijacking Outlook to perpetuate the email distribution.

Often, cybercriminals use familiar brand names like Amazon, UPS, or LinkedIn to prompt you to open their emails and attachments or follow embedded links.

What are the best ways to protect users from these types of threats?

Ideally you need multi-vector protection. The best way to achieve this is to have data-sharing between the different defense vectors. For example, phishing URLs should be known to both the Web security and anti-spam systems. This prevents phishing emails from even being seen by email users. Another example is the sending IP address of a spammer – once the anti-spam solution has detected this IP enough times, the information can be shared with an IP reputation solutions, which can block further emails from getting past the network perimeter. A further example is the AV solution detecting malware at a site and feeding the URL data to the Web security solution. Users would then be protected by the Web security solution alerting them not to visit the malware site.

Of course, personal vigilance remains important. Whenever you receive an unexpected email, think about whether you know the sender, if you are really expecting a message from that particular brand, or if the combination of topic and sender is appropriate.

The Commtouch solutions we know are all based in the cloud. Is Command Antivirus a cloud-based solution?

Most virus detections are handled by the Command SDK, which resides locally on the server or device. The SDK utilizes multiple engines to detect viruses based on heuristics, file signatures and other proprietary techniques. We have recently integrated a new component that will also query the cloud.

How long does the integration typically take?

The SDK is very easy to integrate. Most partners take one to three days to get the SDK integrated.