- Aug 11, 2018
"The new APT's malware goes to extraordinary lengths to evade detection and includes the ability to detect and hide from eight different antivirus products, including Sophos, Kaspersky, AVG and BitDefender."
What the other 4 AV products are is what I want to know.
Because we face the first marketing malware, made to boost sales of those not listed. LOOOOL
I'm just curious, but why is knowing which AVs the malware is programmed to/can bypass so important to know?
There is something that can be said about not using what everyone else uses.
It's one of the smartest, most effective and most easily implemented counter-strategies. Not that most would understand it, nor implement it even if they did fully grasp it. They will always insist on using the popular software X, Y & Z and make the smash a very easy one.
It doesn't take nation-state stuff to encounter AV evasion. There are more than enough documented cases of it. We had multiple samples that either smashed the AV or simply bypassed it. Either case = pwn. ZBot was a prime example. It could disable HIPS, the firewall, etc. Smash, smash, smash... but use some solution that was not on the radar, and it turned the tables.
Agreed. Even something simple, like using an office product (NOT) Microsoft. A PDF viewer (NOT) one of the big used ones (Adobe, whatever). All of them add to your portfolio of avoidance of commonly seen threats. It's sort of hilarious to open a loaded document in, say, Zoho Docs or Softmaker and watch it sort of dumb itself out and not know what to do, eh?
A lot of people use popular software (increasing the threat surface) because 'it's what others they know do', or in many cases it's what was free or cost them $5 for a 100-device license or something (or it scores high on XYZ fake testing). But that's what people want, so that's what they get. Off-the-shelf evasions, I guess..