- May 18, 2015
- 54
I did a large-scale AV test. Numerous vendors, free and paid. The EXEs in question were Zbot/botnet/trojan kinds of programs, with a high focus on Zbot and Zbot-code-based trojans.
Avast picked up all but 86 of the trojans. Something like that. Qihoo missed about 234. Out of the remaining, MBAM caught 2, and Emsisoft detected none of them.
Keep in mind these trojans are dormant. But nonetheless, this is not good. There appears to be a whole lot of Zbot.exes in the wild that could all be using zero days. And I mean a lot.
For KIS and major vendors to not have caught these, despite being on Zeustracker, it's... kind of a bad sign. There's supposedly only 19 files associated with Zbot now, but I guarantee with this detection rate, and the number of sites, and fastflux and servers popping up and disappearing, it's a whole lot more, and this is probably large-scale botnet activity. It's definitely not a good sign. If you can't detect the trojans dormant, it's going to be a lot harder to catch them alive.
Since Firefox caught the zip file with all the exes, that's good. But I intentionally downloaded it from Zeustracker. And who's to say all of these will be caught? Also, I found some new adware today that isn't being detected. They appear to be dropping other things as well. 1.4 GB of Zbot exes, 9000-something exes, but I have only tested 3296 of them. I haven't even tested the cfg files yet.