News of this attack comes on the heels of a recent debate among security and antivirus experts regarding the efficiency of desktop antivirus products at detecting new threats that don't have a widespread distribution, like the type of malware used in APT attacks. The discussion was prompted by a study released by security firm Imperva in December, which concluded that newly created threats have an initial antivirus detection rate of under 5%.
Even though the methodology used in the study was heavily criticized as being flawed and inaccurate, some experts strongly believe that desktop antivirus products are incapable of detecting the custom malware used today in targeted attacks against organizations.
"From my own experience, within corporate/enterprise networks, desktop antivirus detection typically hovers at 1-2% for the threats that make it through the various network defenses," Gunter Ollmann, the chief technology officer at security consultancy firm IOActive said earlier this month in a blog post. "For newly minted malware that is designed to target corporate victims, the rate is pretty much 0% and can remain that way for hundreds of days after the malware has been released into the wild."