CryptoLocker file more than 40 hours in the wild but still undetected by AVs on VirusTotal (0/56)

GrujaRS

Level 5
Verified
Aug 7, 2016
228
The virus has been circulating for more than 40 hours, and they enjoy the weekend!
For whom do AntiVirus companies work???
Whom do they protect: their clients or malware creators???
CryptoLocker sample.PNG
 

Captain Awesome

Level 23
Verified
May 7, 2016
1,241

Der.Reisende

Level 44
Verified
Trusted
Content Creator
Malware Hunter
Dec 27, 2014
3,367

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,398

Solarquest

Moderator
Verified
Staff member
Malware Hunter
Jul 22, 2014
2,526
I think that fewer/no definition updates during weekends is a shame; users should consider this when choosing an AV.
Considering the huge number of users some AVs have, it's incredible they cannot employ someone on the weekends and leave millions of users with lower protection.
 

Solarquest

Moderator
Verified
Staff member
Malware Hunter
Jul 22, 2014
2,526
Here is where a layered protection approach comes in... in this case blocking the remote site would be enough to protect the user.
The problem is many AVs just have a list of bad sites, no heuristics or other method to detect them.
If the MW author changes the site or has multiple ones (some have 1000+), the AV has problems/won't detect them all.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,398
About the lack of heuristics in the Web AV module: not the case with Kaspersky ;) but I agree, even with Kaspersky I've noticed that they relax at weekends, prolonging signature updates; also, the KL VirusDesk final verdict today is taking longer, as usual at weekends...
 