Using Defender as your first line of defense
<blockquote data-quote="Andy Ful" data-source="post: 845714" data-attributes="member: 32260"><p>Yes in some cases, and No in some cases. This will be true for most AVs. The AV has a chance to stop it when executed from disk, like in malware tests. But not necessarily, if it is loaded into memory by another malware/exploit on an already infected system, which will probably be the case in the wild. Many Phoenix samples do not try to obtain persistence and can detect a virtual machine environment. So, Phoenix will be hard to detect by the AV.</p><p>Security solutions based on NIDS, which can monitor network traffic, have better chances.</p><p>Such malware cannot magically appear on your computer. It has to be delivered, usually via phishing + exploits. The best method to avoid it will be updating Windows and installed software.</p><p>"<em><span style="font-size: 18px"><strong>Delivery Method</strong></span></em></p><p><em>By default, Illusion supplies the Phoenix keylogger to their buyers as a stub. The buyer must use their own methods to deliver the stub to the target machine. The majority of Phoenix infections we observe originate from phishing attempts that leverage a weaponized rich text file (RTF) or Microsoft Office document. These deliveries do not use the more popular malicious macro technique, but instead use known exploits. Most commonly, they exploit the Equation Editor vulnerability</em>".</p><p><a href="https://www.cybereason.com/blog/phoenix-the-tale-of-the-resurrected-alpha-keylogger">https://www.cybereason.com/blog/phoenix-the-tale-of-the-resurrected-alpha-keylogger</a></p></blockquote>