- Jun 12, 2023
Can Anti-Viruses stop RATS that have their connection established? For example, stopping rats from taking cookies or files from your PC, even if the connection is established.
> Can Anti-Viruses stop RATS that have their connection established? For example, stopping rats from taking cookies or files from your PC, even if the connection is established.

They can block the malicious connection to the C&C server if that's what you mean. At least if they have a firewall with IPS, for example. Norton, for example, can do that. You can even harden Windows Firewall by blocking LOLBins that are often abused by hackers for that purpose.
> They can block the malicious connection to the C&C server if that's what you mean. At least if they have a firewall with IPS, for example. Norton, for example, can do that. You can even harden Windows Firewall by blocking LOLBins that are often abused by hackers for that purpose.

What about if that fails, and the people with the remote access try to do stuff like taking your files, stealing cookies, etc.? Would your AV pick up on that?
> What about if that fails, and the people with the remote access try to do stuff like taking your files, stealing cookies, etc.? Would your AV pick up on that?

Maybe by behavioural analysis. But as behavioural analysis happens after execution and only as a reaction to malicious behaviour of the malware, it might be too late in cases of ransomware or stealers.
> Maybe by behavioural analysis. But as behavioural analysis happens after execution and only as a reaction to malicious behaviour of the malware, it might be too late in cases of ransomware or stealers.

For me at least with Harmony or Kaspersky, that shouldn't be a problem. I just wonder if they protect from things like taking files from your PC or reading them and whatnot.
> Maybe by behavioural analysis. But as behavioural analysis happens after execution and only as a reaction to malicious behaviour of the malware, it might be too late in cases of ransomware or stealers.

Yeah, but for Kaspersky/Harmony, detection of the behaviours should be blocked at earlier stages before damage is done, without a problem.
> For me at least with Harmony or Kaspersky, that shouldn't be a problem. I just wonder if they protect from things like taking files from your PC or reading them and whatnot.

Real world scenario:

The police are looking for a killer but have only a few clues on who he might be. So they need profilers to analyse the behaviour of the killer to determine who the killer could be. While they are investigating, the killer can already kill various other victims, till the police find the necessary clues and can finally arrest the suspect. (10/10 storytelling)

So malware can do damage while behavioural analysis is analysing its behaviour, until it can determine that it's unsafe and finally block it.

Again.
> Yeah, but for Kaspersky/Harmony, detection of the behaviours should be blocked at earlier stages before damage is done, without a problem.

It depends on which part of the infection chain the antivirus kicks in. Sometimes it's detected at an early stage, and sometimes not.
> Again.

So even if there's a runtime bypass, there's still hope?
> So even if there's a runtime bypass, there's still hope?

1. Malware can be blocked pre-execution, by signatures for example. So the malware is detected before it can even start. ---> Malware has no way of infecting the system and therefore no chance to steal any data.
2. Malware can be blocked post-execution by behavioural analysis. The malware runs in memory and can perform its malicious actions until the antivirus determines whether it's unsafe or not. If it's determined unsafe, it will be blocked. But the malware could potentially already have stolen the data before it was detected.
3. The malicious connection to the malicious C&C is blocked by the firewall, so the malware can't connect to the hacker's server and therefore can't send the stolen data from the victim's system.

Theoretically yes. But it doesn't always have to be the case.
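The three stages in the post above (a pre-execution signature match, a post-execution behavioural verdict, and a firewall block of the C&C destination) as an added toy model. This is constructed example code written for this thread, not code from any poster or any product. The sample hashes, the C&C blocklist, the action names and the two-action verdict threshold are all constructed assumptions; the MITRE ATT&CK technique IDs attached to the actions are real IDs. What the model makes concrete is the timing argument: a signature block leaves nothing read, a firewall block leaves data read but not sent, and a behavioural verdict is reached only after actions have already completed, so whatever was read or sent before the verdict is the damage.

```python
"""Toy model of the three AV layers discussed in the thread: signatures,
behavioural analysis and a firewall C&C block. All data is constructed."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# Layer 1: signature database (constructed; hash of a made-up payload).
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed RAT sample v1").hexdigest()}

# Layer 3: firewall C&C blocklist (constructed; RFC 5737 documentation IP).
C2_BLOCKLIST = {"203.0.113.7", "c2.example.invalid"}

# Layer 2: actions the behavioural analyser counts as suspicious, tagged with
# their MITRE ATT&CK technique IDs (IDs are real; the weighting is constructed).
SUSPICIOUS_ACTIONS = {
    "read_browser_cookies": "T1539",  # Steal Web Session Cookie
    "read_user_documents": "T1005",   # Data from Local System
    "connect_out": "T1041",           # Exfiltration Over C2 Channel
}
VERDICT_THRESHOLD = 2  # constructed: verdict after this many suspicious actions


@dataclass
class Event:
    action: str
    target: str = ""


@dataclass
class Outcome:
    blocked_stage: Optional[str]  # "pre-execution", "behavioural", "firewall" or None
    data_read: List[str] = field(default_factory=list)  # touched before any block
    exfiltrated: bool = False
    techniques_seen: List[str] = field(default_factory=list)


def signature_check(payload: bytes) -> bool:
    """Layer 1: True when the payload hash is already known bad."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD_HASHES


def run_sample(payload: bytes, events: List[Event]) -> Outcome:
    """Replay the sample's actions through the three layers in order."""
    if signature_check(payload):
        return Outcome(blocked_stage="pre-execution")  # never runs: nothing read

    out = Outcome(blocked_stage=None)
    suspicious = 0
    for ev in events:
        if ev.action == "connect_out":
            # Layer 3 inspects the destination before the connection completes.
            if ev.target in C2_BLOCKLIST:
                out.blocked_stage = "firewall"
                return out
            out.exfiltrated = bool(out.data_read)  # unlisted host: data already read is sent
        elif ev.action.startswith("read_"):
            out.data_read.append(ev.target)  # the read completes; no verdict exists yet

        # Layer 2 reacts only after the action has happened.
        technique = SUSPICIOUS_ACTIONS.get(ev.action)
        if technique:
            out.techniques_seen.append(technique)
            suspicious += 1
            if suspicious >= VERDICT_THRESHOLD:
                out.blocked_stage = "behavioural"
                return out
    return out


REPACKED = b"constructed RAT sample v2 (repacked, unknown hash)"


def scenario_known_sample() -> Outcome:
    """Known hash: stopped pre-execution, nothing read."""
    return run_sample(b"constructed RAT sample v1",
                      [Event("read_browser_cookies", "cookies.sqlite")])


def scenario_unknown_sample_listed_c2() -> Outcome:
    """Unknown hash, listed C&C: cookies are read, but the upload is blocked."""
    return run_sample(REPACKED, [Event("read_browser_cookies", "cookies.sqlite"),
                                Event("connect_out", "203.0.113.7"),
                                Event("read_user_documents", "Documents/")])


def scenario_unknown_sample_unlisted_c2() -> Outcome:
    """Unknown hash, unlisted C&C: the behavioural verdict arrives after the upload."""
    return run_sample(REPACKED, [Event("read_browser_cookies", "cookies.sqlite"),
                                Event("connect_out", "198.51.100.9"),
                                Event("read_user_documents", "Documents/")])


def scenario_behavioural_in_time() -> Outcome:
    """Unknown hash, reads first: blocked before it connects, but both reads already happened."""
    return run_sample(REPACKED, [Event("read_browser_cookies", "cookies.sqlite"),
                                Event("read_user_documents", "Documents/"),
                                Event("connect_out", "198.51.100.9")])


if __name__ == "__main__":
    for fn in (scenario_known_sample, scenario_unknown_sample_listed_c2,
               scenario_unknown_sample_unlisted_c2, scenario_behavioural_in_time):
        print(f"{fn.__name__}: {fn()}")
```

Run it directly to print the four scenarios. The case worth staring at is the repacked sample talking to an unlisted server: the behavioural engine does block it, but only after the cookies were already sent, which is exactly the "too late for stealers" point made earlier in the thread. The `techniques_seen` list is what an ATT&CK-style mapping would show for the incident.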
> I mean with Kaspersky/Harmony I probably should be good.

One of the best solutions out there, so you will be good. Just know that no antivirus can protect you from everything that is out there.
> One of the best solutions out there, so you will be good. Just know that no antivirus can protect you from everything that is out there.

True, but Kaspersky/Harmony is probably the closest thing to it that I can get ahold of.
> NEVER rely on an antivirus solution!

The only RATs that could infect me are malicious MC mods, which basically just take your MC account, but I believe they're RATs, not too sure.
If Kaspersky and Harmony fail and Norton succeeds, will you install Norton?
Ditto if F-Secure succeeds?
You've got to stop believing that antivirus solutions are superheroes who will protect you from everything. They're not...
For a RAT, you already need to know whether the code is known. Some AVs like ESET or Kaspersky decompile the code. If they see a known piece of code, it will be blocked.
For Kaspersky, if the RAT tries to touch the system, it will also be blocked.
And if it gets past Kaspersky, the server's IP address or URL must not be known....
Once again, most antivirus programs can protect you from it, some will do better, but if you don't download files like "FortniteVbuksFreeCracked.exe" or "MyDogIsBeautiful.jpg.jar" you risk nothing.
> The only RATs that could infect me are malicious MC mods, which basically just take your MC account, but I believe they're RATs, not too sure.

No. If you are careful and always double-check downloads you are unsure about, even "malicious Minecraft mods" can't infect you. And again, those malicious Minecraft mods that you are talking about are just some kind of stealer that is also used in other attacks. So they are not specifically created to infect Minecraft players.
> If your RAT has been encrypted with a tool bought cheaply by a script kiddie, it will be blocked very quickly.

How can you encrypt behavioral blocking?
Making malware completely FUD against all current defensive techniques (behaviour blocker, hexadecimal signature, machine learning, deep learning, etc.) is not impossible, but difficult.....
> With Harmony you will be able to inspect whether the theft was successful by looking at the MITRE ATT&CK matrix. You can find a course online, cheap or free, on how to work with MITRE ATT&CK. For solutions that do not offer such mapping (all home AVs) you can hope for the best. In addition, you can upload mods to VT and check them there before you open them.

Typically they always come out clean, despite being 100% malware.