Looking for information on Mamutu

[Hungry Man]

Backdoor related behavior
Spyware related behavior
HiJacker related behavior
Worm related behavior
Dialer related behavior
Keylogger related behavior
Trojan Downloader related behavior
Injection of code into other programs
Manipulation of programs (patching)
Invisible installations of software
Invisible Rootkit processes
Installation of services and drivers
Creation of Autostart entries
Manipulation of the Hosts file
Changes of the browser settings
Installation of debuggers on the system
Simulated mouse and keyboard activity
Direct disk sector access on harddisk
Changes of the system group policies


These are Mamutu's categories of suspicious/malicious behaviors. I know what some are ie: Creation of autostart entries writes to the autostart area in the registry etc but a lot of them are vague.

Anyone know what each one does? Either specifically or in a broad sense.

 

[pcjunklist]

I'm not going to break down everyone of these, but you should stick with emsisoft anti-malware instead of mamutu.

Here is emsisoft comparision http://www.emsisoft.com/en/software/compare/ (click the blue underline for some of the definitions of what they do)

Or you can take advantage of Jack's contest for a free mamutu license here: http://malwaretips.com/Thread-Giveaway-Emsisoft-Mamutu-Giveaway

But if you can spare the $20 I would go with this jack's deal instead: http://malwaretips.com/Thread-Buy-Emsisoft-Anti-Malware-50-OFF-Only-20

 

[Hungry Man]

I've got a Mamutu and Emsisoft license. I'm less interested in using the programs and more interested in understanding them.

I can't find an explanation on their site for some of these.

 

[pcjunklist]

did you take a look at the tutorial?
http://www.emsisoft.com/en/kb/articles/tec100515/

 

[Hungry Man]

Yeah, nothing there about what each one means.

 

[pcjunklist]

What is Heuristic Scanning?
http://www.symantec.com/connect/articles/heuristic-techniques-av-solutions-overview

 

[Hungry Man]

Good article but not exactly what I wanted - I'm looking specifically to find out what each of those behaviors is.

 

[pcjunklist]

https://www.google.com

 

[Hungry Man]

Yes, I've tried searching.

 

[NathanF1]

Apologies if you've already seen these articles on rootkits, trojans, spyware, dialers, worms, etc.

Emsisoft Knowledge Base

Comodo Leak Test Suite has a broad description of the suspicious behaviors you can most probably use for cross-reference to some extent.

A screenshot of the Leak Test Descirptions


P.S. I remembered seeing this a few days ago:

Are there any topics you would like to read an article from us about? We are always looking for cool new content for our knowledge base. It can be either security or computer related.

Link

 

[Littlebits]

One thing you need to take into consideration:

Each vendor has their own description of a malware category.

The same exact malware maybe labeled differently by each vendor, I have seen this many times.

For example what Emsisoft labels a Backdoor, might be labeled as a Trojan or Worm by other vendors.
Most rogueware as usually mislabeled as Trojans by most vendors because they have some of the same characteristics but are not the same.

Sometimes one vendor will labeled a malware as a virus, whereas other vendors might label the exact same malware as spyware, worm, adware, rogueware or Trojan.

Another thing some vendors have different definitions of each category of malware.
They all don't completely agree. So sometimes it is hard to find a correct answer to each category of malware suppose to do and why each malware is labeled into a select category.

Thanks.

 

[NathanF1]

The reason I put the CLT descriptions was mostly as a reference for activities like installing drivers and services, debuggers and process injections - these aren't described at length in Emsisoft's articles.