This morning we had a particularly large virus campaign come in. The messages were claiming to be from email@example.com about an unprocessed payment. Attached to the message was a zipped piece of malware.
Over the past month we've been seeing around 1.5 to 2.5 million virus messages through out the entire day. This morning though, over the course of about 3 hours we have seen 6.2 million from a single virus campaign. There were a few other campaigns numbering in the tens of thousands during that time but the fake bill.com malware certainly dwarfed any others. For this campaign, though it was large in volume and numbers across all servers here, the malware attached was matching a virus rule that had previously been in place on our system. That rule having the same 6.2 million matches this morning. Running a sample of the virus in virustotal.com shows only 16 of 54 antivirus companies are blocking this particular executable.