Author Topic: FBI Virus!  (Read 15103 times)


Offline claudiubotezatu

  • Jr. Member
  • **
  • Posts: 61
Re: FBI Virus!
« Reply #30 on: August 11, 2013, 12:18:48 PM »
Hi true indian,

there is no justification for an AV as popular as Avast! to not protect against FBI malware, also so popular.

Things like "no AV can protect you 100%" and "use common sense" are lame excuses in this situation;


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36925
Re: FBI Virus!
« Reply #31 on: August 11, 2013, 12:49:50 PM »
Quote
Hi true indian,

there is no justification for an AV as popular as Avast! to not protect against FBI malware, also so popular.

Things like "no AV can protect you 100%" and "use common sense" are lame excuses in this situation;

another problematic malware here, this was posted in 2009 but it is still going on

Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/


@claudiubotezatu  maybe you could contact the bad guys and tell them not to update their malicious programs, then problem would be solved   ;)

and you can check signatures released here  http://www.avast.com/en-no/virus-update-history
130728 - Win32:Ransom-ANT [Trj], Win32:Ransom-ANU [Trj]
130727-1 - Win32:FakeAV-EUG [Trj],
130727-0 - Win32:LockScreen-ACT [Trj], Win32:LockScreen-ACU [Trj], Win32:LockScreen-ACV [Trj], Win32:LockScreen-ACW [Trj], Win32:LockScreen-ACX [Trj], Win32:LockScreen-ACY [Trj], Win32:LockScreen-ACZ [Trj], Win32:Ransom-ANP [Trj], Win32:Ransom-ANQ [Trj], Win32:Ransom-ANR [Trj], Win32:Ransom-ANS [Trj],


and it goes on and on and........



« Last Edit: August 11, 2013, 01:18:12 PM by Pondus »

Offline claudiubotezatu

  • Jr. Member
  • **
  • Posts: 61
Re: FBI Virus!
« Reply #32 on: August 11, 2013, 01:47:16 PM »
Hi Pondus,

Insanity: doing the same thing over and over again and expecting different results.

Albert Einstein



Expecting to defend against FBI virus just updating the signatures over and over again is a lost cause (if not insanity!!!)

have you looked at Avast! recently??? A thousand shields, behavior, HIPS cloud, streaming update.... seems extremely sophisticated ... I wouldn't expect to fight FBI virus using signatures (like 20 years ago...)

What about behavior shield?
What about HIPS?
What about GENERIC signatures?



« Last Edit: August 11, 2013, 01:53:52 PM by claudiubotezatu »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11077
  • No support PM's thanks
Re: FBI Virus!
« Reply #33 on: August 11, 2013, 01:59:41 PM »
Quote
Expecting to defend against FBI virus just updating the signatures is a lost cause (if not insanity!!!)

have you looked at Avast! recently???

Have you looked at any other AV? As they're all in the same predicament and none of them protect against the very latest variants until they're discovered and new code/signatures written to combat the problem.

And avast doesn't have HIPS :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32943
  • malware fighter
Re: FBI Virus!
« Reply #34 on: August 11, 2013, 02:05:47 PM »
Hi craigb,

There is still also something like educated user interaction and added layered defense to solve such a problem.
It was known from the point zero that just a single av solution cannot provide all-round 100% protection.
And how would you protect against the main problem called PEBKAC, see image attached.
PEBKAC does not fully upgrade and patch her OS and third party software, so PEBKAC stays vulnerable and is at risk.
PEBKAC does not use layered defense like pre-scanning, browser script blocking (NoScript), and clicks after all that moves on and over the screen.
Still PEBKAC relies on an av solution to protect her fully against 0-day malware, insecure Internet practices, downloading insecurities,
and when PEBKAC is at fault she starts moaning and will blame the av solution for not saving her glorious behind...
All sounds a bit cynical but often this is the truth...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36925
Re: FBI Virus!
« Reply #35 on: August 11, 2013, 02:14:15 PM »
Quote
Hi Pondus,

Insanity: doing the same thing over and over again and expecting different results.

Albert Einstein

Expecting to defend against FBI virus just updating the signatures over and over again is a lost cause (if not insanity!!!)

have you looked at Avast! recently??? A thousand shields, behavior, HIPS cloud, streaming update.... seems extremely sophisticated ... I wouldn't expect to fight FBI virus using signatures (like 20 years ago...)

What about behavior shield?
What about HIPS?
What about GENERIC signatures?

you can be 100% sure that avast and all the other top dogs are working on this.....but there is no easy solution, if there was...!!!!
and it should be a solution that also works for your grandma and not only computer geeks



Offline claudiubotezatu

  • Jr. Member
  • **
  • Posts: 61
Re: FBI Virus!
« Reply #36 on: August 11, 2013, 02:16:34 PM »
Hi craigb,

Sorry, I was thinking of heuristics, not HIPS.

Somehow, in the removal process, Malwarebytes is always involved or recommended; how come they can do it and Avast! not???


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32943
  • malware fighter
Re: FBI Virus!
« Reply #37 on: August 11, 2013, 02:19:30 PM »
Hi Pondus,

If the user uses the avast updater for OS and third party software that comes with his av solution for free
he is secure against the exploits the malware tries to abuse.
Even using a non-admin account can help, and not clicking the initiating links naturally,
I am on avast! and not infested by this malcode nor any other from those main uri's only...
Using ABP with a malware site blocking list may also help...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11077
  • No support PM's thanks
Re: FBI Virus!
« Reply #38 on: August 11, 2013, 02:26:34 PM »
Quote
Hi craigb,

Sorry, I was thinking of heuristics, not HIPS.

Somehow, in the removal process, Malwarebytes is always involved or recommended; how come they can do it and Avast! not???

Malwarebytes doesn't always help either, it's always suggested to run as it's an essentially great tool to help in the cleaning process but if their database doesn't have the latest variant either then you're still in trouble and other tools such as what the Malware guys use need to be used.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: FBI Virus!
« Reply #39 on: August 11, 2013, 05:11:45 PM »
MBAM (and AdwCleaner) are used to clear known malware from the system, the new and unknown requires the human eye. By running those two programmes there is less clutter for the analyst to work through

Offline Hammey

  • Jr. Member
  • **
  • Posts: 55
  • Certs = Mcse. VB . Office, A+
Re: FBI Virus!
« Reply #40 on: August 11, 2013, 05:39:57 PM »
Hi, well I do not know of any perfect programs that always work and never run an error. Also for the ones that think they should be, please name me one thing made by humans that is perfect. Avast does a good job and is not a huge resource hog. For the people that keep getting this malware, why would you keep going back to the same site that gives it to you?
MSI Mpower Max, I7-4770K, MSI GTX 780 Lightning, G.SKILL Trident X Series 16GB DDR3-2400, 2X Kingston HyperX 3K 480GB , 1Tb Raptor, Creative ZXR Sound, 1000 watt Coolermaster Single 80 amp Rail, G700s Mouse, Z5500 Speakers

Offline A. User

  • Sr. Member
  • ****
  • Posts: 394
Re: FBI Virus!
« Reply #41 on: August 12, 2013, 01:12:42 PM »
Quote
Hi, well I do not know of any perfect programs that always work and never run an error. Also for the ones that think they should be, please name me one thing made by humans that is perfect. Avast does a good job and is not a huge resource hog. For the people that keep getting this malware, why would you keep going back to the same site that gives it to you?

Use Sandboxie every time you browse the web and set it to automatically delete the sandbox after closing all programs or just your browser. If you take a look at their forum (located here: http://sandboxie.com/phpbb/) you will see that even Sandboxie is not 100% perfect and can be exploited so everyone can get infected. Using avast does not mean you can't be infected. :)

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: FBI Virus!
« Reply #42 on: August 12, 2013, 05:42:22 PM »
Quote
Hi true indian, ::)

there is no justification for an AV as popular as Avast! to not protect against FBI malware, also so popular.

Things like "no AV can protect you 100%" and "use common sense" are lame excuses in this situation;

Don't you understand simple English, sir??  ::)

Go ahead and google it... even HIPS, sandboxing, generic sigs, behaviour protection can and will be bypassed. So there are timely remakes and new infection hashes of this ransomware crap coming out almost every day/hour.

With over 10000+ malware every day, what do you expect?

What about your crazy browsing habits, which are a no. 1 prompt reason to get infected. There will never be a 100% protection.

Say if you get vaccinated for a particular disease so you guarantee 100% protection from it, NO you don't.

Can't read!?:
Quote
MBAM (and AdwCleaner) are used to clear known malware from the system, the new and unknown requires the human eye. By running those two programmes there is less clutter for the analyst to work through

Quote
Malwarebytes doesn't always help either, it's always suggested to run as it's an essentially great tool to help in the cleaning process but if their database doesn't have the latest variant either then you're still in trouble and other tools such as what the Malware guys use need to be used.

You can even see 1000's of people at Malwarebytes forums getting help to remove infections every day even when MBAM Pro was out there. Not just MBAM, this is the case to whichever forum you go. See another ransomware case on their own forum:
http://forums.malwarebytes.org/index.php?showtopic=130289

Even they recommend reading a guide on staying safe : http://forums.malwarebytes.org/index.php?showtopic=130289

All software is made by humans, it can only be improved on, not made perfect. Even mighty uncle google can fetch you searches for this:
http://lmgtfy.com/?q=how+much+malware+comes+out+everyday%3F
http://lmgtfy.com/?q=No+antivirus+is+100%25
http://lmgtfy.com/?q=sandboxing+and+HIPS+vulnerabilities

Was that so hard for you Mr.Perfectionist?   ::)

Or prove your point!? Go ahead and make an antivirus software that is and will be 100% bulletproof and will never be in need of a security patch or fixing or adding of virus definition ever in life?  ;D
« Last Edit: August 12, 2013, 05:55:36 PM by true indian »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5416
  • Spartan Warrior
Re: FBI Virus!
« Reply #43 on: August 13, 2013, 08:41:06 AM »
Actually, at the moment, all avast! would have to do is block any malware changes to the windows winlogon and safeboot executables, preferably at the registry key level. 

But, as you say, malware writers would find a way around that block too, soon enough.  The only real way to end this would be to put these malware programmers in jail for a very long time so their actions can no longer impact innocent users. 
Windows 10 Home 64-bit 1909 Avast Premier Security version 20.10.2442 (build 20.10.5824.618) UI version 1.0.591.
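
The last reply points at the Winlogon and SafeBoot registry keys as the place to watch. The following is an added example, not part of the thread and not avast! code, that audits a registry export for changes to those values. The baseline defaults, the sample export and the placeholder path are assumptions constructed for illustration.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Assumed baseline: stock Windows defaults; replace with your own image's values.
BASELINE = {
    (WINLOGON, "Shell"): "explorer.exe",
    (WINLOGON, "Userinit"): r"C:\Windows\system32\userinit.exe,",
    (SAFEBOOT, "AlternateShell"): "cmd.exe",
}

# Constructed sample export (already decoded to text); the Shell path is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Public\\placeholder.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
'''

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_reg(text):
    """Collect string (REG_SZ) values from .reg text as {(key, name): value}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash.
            values[(key.lower(), m.group(1).lower())] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values

def audit(text):
    """Return (value name, status, actual) for each baseline value that differs."""
    current = parse_reg(text)
    findings = []
    for (key, name), expected in BASELINE.items():
        actual = current.get((key.lower(), name.lower()))
        if actual is None:
            findings.append((name, "missing", None))
        elif actual.lower() != expected.lower():
            findings.append((name, "changed", actual))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

Comparison is case-insensitive because Windows paths are; a value reported as "missing" may simply be absent from a partial export.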