APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Are A/V vendors really this clueless?

According to "Botnet that enslaved 770,000 PCs worldwide comes crashing down", this "Simda" botnet was very stealthy because it "morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs."

Well, polymorphic malware is a nasty beast, so I suppose it's great that they finally managed to bring this one down. We can all breathe a little easier and sleep more soundly thanks to the truly brilliant efforts of A/V researchers.

But hold on a minute. According to that article:


The malware modified the HOSTS file Microsoft Windows machines use to map specific domain names to specific IP addresses. As a result, infected computers that attempted to visit addresses such as connect.facebook.net or google-analytics.com were surreptitiously diverted to servers under the control of the attackers. Often the booby-trapped HOSTS file remains even after the Simda backdoor has been removed.


What? You mean that A/V software never looks at the hosts file and never bothers to check its entries against a presumably trustworthy DNS resolver? For real? Such a basic and obvious check is not done? The file is plain text, a handful of lines, and any entry that points a well-known public domain somewhere other than where public DNS says it lives is a red flag worth raising, whether or not the sample that wrote it has already been cleaned up.

Wow. That's disturbing.
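Here is what that "basic and obvious check" looks like in practice. This is an added example, not code from the original post or from any A/V product: it parses a hosts file, asks a resolver you trust what each public name should map to, and flags entries that redirect a name elsewhere or pin it to loopback. The hosts text, the domain names outside the two the article mentions, and the "trusted" answers (documentation IP ranges) are constructed so the script runs offline.

```python
"""Spot hosts-file entries that hijack or blackhole public domain names.

Added example, not code from the original post or from any A/V product.
The hosts text and the "trusted resolver" answers below are constructed
for the demo (documentation IP ranges) so the script runs offline; swap
in a real resolver callback for live use.
"""
import ipaddress
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample: a Windows hosts file after Simda-style tampering,
# plus one legitimate internal entry and one blackholed vendor name.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1     localhost
::1           localhost
192.168.1.10  fileserver.corp.example      # legitimate internal host
203.0.113.45  connect.facebook.net
203.0.113.45  google-analytics.com  www.google-analytics.com
127.0.0.1     updates.av-vendor.example    # blocks an (assumed) update server
"""

# Constructed stand-in for answers from a resolver you trust. Names absent
# here are treated as nonexistent in public DNS (NXDOMAIN).
TRUSTED_ANSWERS: Dict[str, Set[str]] = {
    "connect.facebook.net": {"198.51.100.7"},
    "google-analytics.com": {"198.51.100.8", "198.51.100.9"},
    "www.google-analytics.com": {"198.51.100.8"},
    "updates.av-vendor.example": {"198.51.100.20"},
}

# Names that legitimately live on loopback in every hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text. Comments, blank
    lines and lines with an unparsable address are skipped; one line may
    name several hosts, and each becomes its own pair."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            pairs.append((str(ip), name.lower().rstrip(".")))
    return pairs


def trusted_resolver(name: str) -> Set[str]:
    """Demo resolver backed by the constructed table above."""
    return set(TRUSTED_ANSWERS.get(name, ()))


def find_hijacks(pairs, resolve: Callable[[str], Set[str]]) -> List[Dict[str, object]]:
    """Compare each hosts entry with what the trusted resolver returns.

    redirected: a public name sent to an address DNS does not return
    blackholed: a public name pinned to loopback/unspecified (used both by
                malware to cut off A/V updates and by ad-blocking lists,
                so a human still has to look)
    Names the resolver does not know are assumed local and left alone.
    """
    findings: List[Dict[str, object]] = []
    for ip_str, name in pairs:
        if name in LOCAL_NAMES:
            continue
        answers = resolve(name)
        if not answers:
            continue
        ip = ipaddress.ip_address(ip_str)
        if ip.is_loopback or ip.is_unspecified:
            kind = "blackholed"
        elif ip_str not in answers:
            kind = "redirected"
        else:
            continue
        findings.append({"name": name, "hosts_ip": ip_str,
                         "kind": kind, "dns": sorted(answers)})
    return findings


def scan_sample() -> List[Dict[str, object]]:
    """Run the check over the constructed sample."""
    return find_hijacks(parse_hosts(SAMPLE_HOSTS), trusted_resolver)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f['kind']:<10} {f['name']:<28} hosts={f['hosts_ip']} "
              f"dns={','.join(f['dns'])}")
```

For a live run, feed `parse_hosts` the contents of `C:\Windows\System32\drivers\etc\hosts` (or `/etc/hosts`) and pass a resolver callback that queries a known nameserver directly, for example a dnspython `dns.resolver.Resolver(configure=False)` with `nameservers` set (assumes dnspython is installed). Do not use `socket.gethostbyname` for the trusted side: it goes through the OS resolver, which consults the hosts file first and would simply agree with the tampered entries.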



Got something to add? Send me email.






2 comments




© Anthony Lawrence







Wed Apr 15 13:51:38 2015: 12662   Alexi



> What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server?

I wouldn't be surprised if some meddling busybodies in $MANAGEMENT decided, in a misguided attempt to improve benchmarking performance, to "deprioritize 'legacy' vectors" and instead focus on "the heuristic analysis of emergent trends".






Wed Apr 15 13:53:53 2015: 12663   TonyLawrence



I love the way you put that :)
