This could be a long blog post, but I’ll try to make it short. However, for those of you that are lazy, here you can read the answer to the question, and the ones interested on the whole story (I will make it short, I promise) just follow the * mark:

NO (*)

(*): One of the characteristics of a targeted attack is that the attacker has previously studied the victim (who is a specific person or organization). This attacker will study the victim: Which systems he is running, where the most valuable information is located, what defenses are built in place, etc. And not only that, also the person(s) will be investigated, in which fields are they working, what hobbies they have, etc. This is why it is almost impossible to avoid these kinds of attacks. However, this is not a reason to lower our defenses, and that’s something that really puzzles me: taking a look at some of the major attacks we have seen in the last years, many of them were possible because there were servers with no antivirus protection, with an outdated operating system, etc. In a single word: negligence.

However, this is not always the case. If we take a look at the 2 most important attacks that have happened during 2011 (the RSA incident and the Duqu case) we will see that both attacks were really sophisticated, and that the way to start the intrusion was a mix of social engineering mixed with some kind of software vulnerability. I would like to point out that in both cases users were receiving a document, and once it was opened the document dropped and run a file in the system, and from that moment on the system was compromised. Of course, these kind of attacks can be done using known or unkown vulnerabilities, and you could argue that a user has no way to detect that a document is malformed in that way, and that the antivirus won’t detect a single thing as it will be new and the attacker has previously checked that the malware pieces involved were not detected: fair enough, I do agree with that.

And what if I tell you that if they had used Panda the attack would have failed? In 2004 we released TruPrevent technologies, with the goal to detect a portion of the brand new malware, that one that was still not detected with signatures. Since then we have included those technologies in our products, and one of those basically prevents that opening a document a file is downloaded and executed. Smart, nice, clean… šŸ™‚

Conclusion: in case RSA, or any of the companies attacked by Duqu, had used even the free version of Panda Cloud Antivirus those intrusions wouldn’t have happened… IN THAT WAY. Anyway, remember the answer to the question (“NO”). Attackers would have figured out a way to circumvent it, probably trying a different kind of attack, but the harder we make it, the more chances we’ll have to avoid it.