McLovin

Zscaler researchers make an interesting point about fake antiviruses, also known as scareware. Despite the fact that they've been around for several years, many security solutions are still incapable of blocking these threats.

Researchers highlight the fact that, overall, scareware has remained the same as it was a few years ago. The names of the bogus applications may have changed, but other than that, they're pretty much the same.

A perfect example is the Windows 7 Anti-Spyware 2011 piece of scareware, which we detailed a few days ago.

The threat is undetected by most security applications, and when it finds itself on a computer, it starts causing serious damage.

It disables the firewall, the legitimate antivirus application, disables all security warnings and it creates registry entries to ensure that it has full control over the infected device.

Furthermore, it wraps any executable run by the user, so when any application is run, the scareware steps into play, alerting the victim about all sorts of Trojans and Worms that can be allegedly cleaned only by registering the bogus antivirus.

While performing our tests, we've managed to remove the scareware in approximately two hours, but for a regular user the task would not be easy.

Source
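The article lists the symptoms this scareware leaves behind (firewall and antivirus disabled, security warnings silenced, executables wrapped). The following read-only audit is an added example, not code from the thread or from Zscaler; it assumes the executable wrapping is done through the .exe shell\open\command association and that warnings are silenced through the Security Center notification values named below, neither of which the article specifies.

```powershell
# Added example: read-only audit of the scareware symptoms described above.
# Assumptions (not stated in the article): the .exe "wrapping" lives in the
# exefile shell\open\command association, and warnings are silenced through
# the Security Center *DisableNotify values. Nothing here modifies the system.
$findings = @()

# 1. Executable association. The stock value is "%1" %* ; anything else means
#    every .exe the user launches is handed to another program first.
$assocPaths = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($p in $assocPaths) {
    if (Test-Path $p) {
        $cmd = (Get-ItemProperty -Path $p -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -and $cmd -ne '"%1" %*') {
            $findings += "exe handler hijacked at $p -> $cmd"
        }
    }
}

# 2. Firewall state per profile (netsh is available on Windows 7, the
#    platform the article targets, where Get-NetFirewallProfile is not).
$fw = netsh advfirewall show allprofiles state
if ($fw -match 'State\s+OFF') {
    $findings += 'Windows Firewall is OFF on at least one profile'
}

# 3. Security Center: service stopped, or its notifications switched off.
$wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
if (-not $wsc -or $wsc.Status -ne 'Running') {
    $findings += 'Security Center service (wscsvc) is not running'
}
$scKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($v in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    $val = (Get-ItemProperty -Path $scKey -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -eq 1) { $findings += "Security Center notification disabled: $v" }
}

if ($findings.Count -eq 0) { 'No scareware indicators found' } else { $findings }
```

Run it from an elevated prompt; a hijacked exe handler is the finding to act on first, since it explains why every program launch triggers the fake alerts.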

Deleted member 178

Umbra Corporation's advertisement:

With our newly released product Concept of Layered Config you will get rid of any malware in a minute, faster and safer than those experts!

"Umbra Corporation, because your system is worth it!"


Plexx

Umbra Corp. said:
Umbra Corporation's advertisement:

With our newly released product Concept of Layered Config you will get rid of any malware in a minute, faster and safer than those experts!

"Umbra Corporation, because your system is worth it!"
You mean within steps 2 to 4 (one of them would sort it out).

Did you guys start producing droids now? I sense a change in logos/avatars :p

Now on topic: Despite many variations of the same style/type of Fake AV, vendors do work hard to have the signatures available for detection. The main problem is still the removal. That is where specific tools shine (MBAM/HMP etc.)

Deleted member 178

Biozfear said:
You mean within steps 2 to 4 (one of them would sort it out).
Exactly!

Did you guys start producing droids now? I sense a change in logos/avatars :p
The logo will remain ^^

Now on topic: Despite many variations of the same style/type of Fake AV, vendors do work hard to have the signatures available for detection. The main problem is still the removal. That is where specific tools shine (MBAM/HMP etc.)
I agree, there are so many variations that an AV based only on detection is useless now; users need proactive features.

Plexx

Umbra Corp. said:
I agree, there are so many variations that an AV based only on detection is useless now; users need proactive features.
CIS/Kaspersky/EAM, for example, did prevent most of the different samples when I tested before (even if they didn't have the signatures to remove them).

ESET would achieve good results but required Policy Based mode. Running on Interactive, the normal user would 90% of the time allow it.

avast! on certain samples did attempt to clean and, well, cleaned only half of it, whilst the prevention was not up to par.

AVG's IDP module didn't always fire up, causing some infections to go through.

Please bear in mind that the above results were from a few months back. Things might have changed...
McLovin

Biozfear said:
Now on topic: Despite many variations of the same style/type of Fake AV, vendors do work hard to have the signatures available for detection. The main problem is still the removal. That is where specific tools shine (MBAM/HMP etc.)
That's the biggest problem I've found with AVs: their removal. Their detection is really good but their removal rate is not the best; mind you, the last time I did a test AVG was not that bad at it.