Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Security Statistics and Reports
Learn more about Remediation Time – response time to security incidents (the results from protection test in January 2023)
Message
<blockquote data-quote="Trident" data-source="post: 1026478" data-attributes="member: 99014"><p>[USER=98186]@Oerlink[/USER] ,</p><p></p><p>I’ve observed few products (one of them being included on that test) failing to remediate RATs detected via dynamic analysis just seconds after execution. Some have improved after my reporting, one of them did not and still has this problem to date (it is not on this test). They have not asked for a reboot and they’ve claimed that threats are “fixed” and “secured” when in fact inspection of processes (where it has been injected) as well as network inspection showed that the RAT is actively listening based on its configured period of refreshment.</p><p></p><p>It was on that same test that I had created and saved accounts in Chrome Auto-Fill for testing purposes and suspicious log-in activity was observed not long after threats were “secured” (2-3 days) on few of them: Discord, Outlook (still to this day activity continues and the research was 2 years ago, it is a very large botnet), PayPal, Gmail and even funnier - an adult website (very popular one). Although I had saved virtual cards there was no evidence that this particular group was interested in that.</p><p>Sadly these accounts were all fake and did not provide the crypto that they seek.</p><p></p><p>I later on discovered these accounts on a Telegram channel. It shined some light on some connections that we didn’t know about.</p><p></p><p>I trust that some of them terminate the infection chain early and correctly, but the only way to be sure is to inspect and not to assume.</p><p></p><p>As for the remediation time itself, it doesn’t mean anything, it may have been a long sleep even. Again, no conclusion can be drawn just based on that.</p></blockquote><p></p>
[QUOTE="Trident, post: 1026478, member: 99014"] [USER=98186]@Oerlink[/USER] , I’ve observed few products (one of them being included on that test) failing to remediate RATs detected via dynamic analysis just seconds after execution. Some have improved after my reporting, one of them did not and still has this problem to date (it is not on this test). They have not asked for a reboot and they’ve claimed that threats are “fixed” and “secured” when in fact inspection of processes (where it has been injected) as well as network inspection showed that the RAT is actively listening based on its configured period of refreshment. It was on that same test that I had created and saved accounts in Chrome Auto-Fill for testing purposes and suspicious log-in activity was observed not long after threats were “secured” (2-3 days) on few of them: Discord, Outlook (still to this day activity continues and the research was 2 years ago, it is a very large botnet), PayPal, Gmail and even funnier - an adult website (very popular one). Although I had saved virtual cards there was no evidence that this particular group was interested in that. Sadly these accounts were all fake and did not provide the crypto that they seek. I later on discovered these accounts on a Telegram channel. It shined some light on some connections that we didn’t know about. I trust that some of them terminate the infection chain early and correctly, but the only way to be sure is to inspect and not to assume. As for the remediation time itself, it doesn’t mean anything, it may have been a long sleep even. Again, no conclusion can be drawn just based on that. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
