Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
How I got infected last time thread
Message
<blockquote data-quote="SeriousHoax" data-source="post: 1015722" data-attributes="member: 78686"><p>A silly mistake, but it happens to the best of us.</p><p>I very often test products against this type of malware targeted to home users that can be found on Google search, YouTube Search and torrent sites.</p><p>From what I have seen,</p><p><span style="color: rgb(44, 130, 201)">ESET </span>detects 9/10 of these files by signature/heuristic and on some rare occasions by the local ML/Augur detection prior to execution. The others after execution.</p><p><span style="color: rgb(251, 160, 38)">Avast</span> detects 7/10 by signatures prior to execution. Some after execution and saw it missing two last month but not recently. Maybe it has improved.</p><p><span style="color: rgb(247, 218, 100)">Norton</span> 2/10 by signatures prior to execution. Sometimes detects payloads which stops the attack or <strong>via</strong> IPS via like yours with Redline stealer activity or backdoor activity in case of backdoor samples. So I think the data remains safe.</p><p><span style="color: rgb(147, 101, 184)">Microsoft Defender</span> detects 0/10 by signatures prior to execution even a week later but after execution detects payloads and end up protecting the system 9/10 times.</p><p><span style="color: rgb(226, 80, 65)">Bitdefender</span> and <span style="color: rgb(65, 168, 95)">Kaspersky</span> on average 0/10 by signatures prior to execution when the sample is new. Bitdefender detects all I tested pretty quickly after execution by behavior. Sometimes it doesn't delete the main sample file, sometimes it does.</p><p>Kaspersky detects by behavior at a slightly later stage but prior to any data getting stolen and always perform a perfect cleanup.</p><p>These malware are changed almost every day with new C2C servers to communicate. But the behavior remains similar mostly. Norton should have found something by now to detect the activity by their BB aka SONAR.</p></blockquote><p></p>
[QUOTE="SeriousHoax, post: 1015722, member: 78686"] A silly mistake, but it happens to the best of us. I very often test products against this type of malware targeted to home users that can be found on Google search, YouTube Search and torrent sites. From what I have seen, [COLOR=rgb(44, 130, 201)]ESET [/COLOR]detects 9/10 of these files by signature/heuristic and on some rare occasions by the local ML/Augur detection prior to execution. The others after execution. [COLOR=rgb(251, 160, 38)]Avast[/COLOR] detects 7/10 by signatures prior to execution. Some after execution and saw it missing two last month but not recently. Maybe it has improved. [COLOR=rgb(247, 218, 100)]Norton[/COLOR] 2/10 by signatures prior to execution. Sometimes detects payloads which stops the attack or [B]via[/B] IPS via like yours with Redline stealer activity or backdoor activity in case of backdoor samples. So I think the data remains safe. [COLOR=rgb(147, 101, 184)]Microsoft Defender[/COLOR] detects 0/10 by signatures prior to execution even a week later but after execution detects payloads and end up protecting the system 9/10 times. [COLOR=rgb(226, 80, 65)]Bitdefender[/COLOR] and [COLOR=rgb(65, 168, 95)]Kaspersky[/COLOR] on average 0/10 by signatures prior to execution when the sample is new. Bitdefender detects all I tested pretty quickly after execution by behavior. Sometimes it doesn't delete the main sample file, sometimes it does. Kaspersky detects by behavior at a slightly later stage but prior to any data getting stolen and always perform a perfect cleanup. These malware are changed almost every day with new C2C servers to communicate. But the behavior remains similar mostly. Norton should have found something by now to detect the activity by their BB aka SONAR. [/QUOTE]
Insert quotes…
Verification
Post reply
Top