For the past couple of weeks, we have been tracking the anti-malware detection of a file with Trojan/Win32.Zbot embedded in it. Using Metascan Online, a free online file scanner that utilizes more than 40 antivirus engines, we scanned this file daily and watched the progress of antivirus engines detecting the threat.
As the chart below shows, on the first day the file was scanned, only five engines marked the file as malicious. Over the next couple of days, more scanning engines began to detect the threat. On the final day of scanning, 39 out of 44 antivirus engines detected the file as malicious.
The majority of the antivirus engines detected the threat within three days of the first upload to Metascan Online, but fewer than half of the engines detected it after one day. Those couple of days can be the difference between a protected network and an infected network; this is only a single example, but it demonstrates nicely the value of using multiple antivirus engines!
