OPSWAT's Metascan is One of the First Security Solutions to Detect Stuxnet

San Francisco, CA (PRWEB) November 2, 2010 -- OPSWAT, the industry leader in software management SDKs, interoperability certification and multiple-engine scanning solutions, announced last week that their Metascan products provided some of the earliest detection capabilities of the Stuxnet worm, a threat that is suspected to be an element of cyber warfare.

In recent weeks the Stuxnet worm has been the subject of countless articles and research reports. It was also a prominently featured subject at last month's Virus Bulletin malware research conference in Vancouver, where OPSWAT was a sponsor.
Stuxnet is an extremely complex piece of malware, using a combination of no fewer than four zero-day Windows exploits to promote infection (typical malware uses only one). The worm was created to infect a very specific target set: Supervisory Control and Data Acquisition (SCADA) systems, which are used to control and monitor industrial processes in facilities such as power plants. The complexity of the virus and its specific targeting have led some to suggest that the worm was created by a group of highly skilled and well-financed programmers, possibly state-backed.

Metascan Flow

The infection was initially discovered on June 17 by VirusBlokAda, a small antivirus company based in Belarus, after one of their resellers pointed to an infection on a customer's endpoint system in Iran. Iran soon became the nexus of the infection, and eventually more than 50% of all Stuxnet occurrences were inside its borders, leading some analysts to speculate that the country's nuclear facilities are the intended final target.

Norman, one of the antivirus engines included in Metascan, OPSWAT's multi-scanning solution, added Stuxnet detection soon after its initial discovery by VirusBlokAda. This gave users of Metascan products detection capabilities several days before users of single-engine solutions from such vendors as Symantec, Kaspersky Lab, Trend Micro and McAfee. Metascan is a multi-scanning solution that uses and optimizes up to ten different anti-malware engines simultaneously, giving users many benefits over a single-engine solution. "Using a Metascan powered solution provides us with confidence in our protection against malware such as Stuxnet; unlike a standard, single-engine product relying on that company's ability to detect every threat, if any one of the engines included in OPSWAT's multi-scanning technology adds detection, we will be secure." said Brett Hathaway from Mindjet, a Metascan customer. Benefits of multi-scanning have also been promoted by companies such as Microsoft, who published a white paper noting, "The problems with a single-engine approach originate from having only one system in place to identify threats – no engine is immune to vulnerability."

While the Metascan SDK requires engineering knowledge to integrate scanning capabilities within a solution, OPSWAT also offers a ready-to-go multi-scanning solution called MD4M (MetaDefender for Media). MD4M provides the ability to scan peripheral media (like external hard drives and removable USB memory disks) before it enters a network or locked-down system. OPSWAT's Director of Engineering, Toshit Antani, commented, "MD4M offers our customers an easily implemented and secure method to protect against threats such as Stuxnet. Our solution provides the optimal tools to create processes ensuring that USB drives and other peripheral media have been efficiently scanned before interacting with customers' networks." Stuxnet was originally reported as being spread through the use of USB media.

Sign up for Blog updates

Get information and insight from the leaders in advanced threat prevention.