Fake Antivirus: What Are They And How Do You Avoid Them?
<blockquote data-quote="Littlebits" data-source="post: 140719" data-attributes="member: 146"><p>Understanding zero-day malware: the name doesn't imply that the malware is new; it can be several years old. The term applies to malware which is not detected by antivirus software. Some old malware can come back after several years of not being distributed, once AV vendors remove the signatures.</p><p></p><p>- http://en.wikipedia.org/wiki/Zero-day_virus</p><p></p><p>Most zero-day malware never gets widely distributed on the web, therefore it is not important for it to be detected. Most AV vendors will not make signatures for malware that is not currently distributed in the wild, and AV vendors will delete the signatures to clean up space in their database once this malware is no longer active. Microsoft deletes signatures after 90 days of no activity in the wild, while some other AV vendors may keep the old signatures for years.</p><p></p><p>Emsisoft and Kaspersky just recently posted articles about zero-day malware; both agreed that the majority of them were Trojans, which include these fake security products. Any malware that pretends to be something else is classified as a Trojan.</p><p></p><p>The only type of zero-day malware to be concerned about is the kind that is currently being widely distributed on the web.
Understanding what "active in the wild" means: it means that the malware is available on several websites for accidental download. Malware found on websites that collect malware for research is not always active in the wild; just because you can manually download it from a website that collects malware for research doesn't mean it is widely distributed for accidental download.</p><p></p><p>So there are basically two types of zero-day malware, "active and inactive"; both can be malware that has just been created or old malware that just recently went back into the wild for distribution.</p><p></p><p>Don't get confused by the name "zero-day": it does not mean the malware was newly created within the last day, it means the malware is not detected. Some old malware can come back active in the wild under a new variant to avoid previous detection, which will do the same corruption as before.</p><p></p><p>If AV testers would verify that all of the samples tested were currently active in the wild, you would get much better results. But it takes a lot of work to get a sample verified. Most malware sample packs include malware that is not currently active in the wild; that is why some AV will not detect it.</p><p></p><p>Enjoy!! :D</p></blockquote><p></p>