More Fun with Ransomware Part 5
<blockquote data-quote="cruelsister" data-source="post: 513724" data-attributes="member: 7463"><p>Hi Langh- No, you are not close to a Noob and your comment is superb. </p><p></p><p>The applications that the malware was run against are Anti-Ransomware products and are not dependent on definitions; thus seeking out a true zero day sample (or by a total modification of this one) would be pointless. Instead this video was testing if any of the applications could detect and block the mechanism of action of the malware. If they could, they would be proof against any morphed sample of this class, no matter how new.</p><p></p><p>As I stated on the initial slide, the malware used today was a week old and certainly should be detected by any half-way decent AV. The issue for AVs (and "Safe Browsing") is that the malware is being modified at the least daily to make it zero day (or as close to it as one can make it), and is being pushed out as an exploit (via the Hunter EK) on infected web pages. In short, this one with the over 40 detections really won't be seen today as it has been replaced by a file with zero detections. Any Blackhat over Script-Kiddie level is aware that her malware can have an effective lifespan of about 12 hours before morphing (and change of servers) is needed.</p><p></p><p>But with a good AV you may be fine as long as you aren't in the wrong place at the wrong time.</p></blockquote><p></p>