Are A/V vendors really this clueless?
I've removed advertising from most of this site and will eventually clean up the few pages where it remains.
While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.
If you found something useful today, please consider a small donation.
Some material is very old and may be incorrect today
© April 2015 Anthony Lawrence
According to "Botnet that enslaved 770,000 PCs worldwide comes crashing down", this "Simda" botnet was very stealthy, because it "morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs.".
Well, polymorphic viruses are nasty little beasts, so I suppose it's great that they did manage to finally control this. We can all breathe a little easier and sleep more soundly thanks to the truly brilliant efforts of A/V researchers.
But hold on a minute. According to that article:
The malware modified the HOSTS file Microsoft Windows machines use to map specific domain names to specific IP addresses. As a result, infected computers that attempted to visit addresses such as connect.facebook.net or google-analytics.com were surreptitiously diverted to servers under the control of the attackers. Often the booby-trapped HOSTS file remains even after the Simda backdoor has been removed.
What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server? For real? Such a basic and obvious check is not done?
Wow. That's disturbing.
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
-> -> Are A/V vendors really this clueless?
Inexpensive and informative Apple related e-books:
Take Control of iCloud
Take Control of Apple Mail, Third Edition
Take Control of iCloud, Fifth Edition
Take Control of Preview
Photos: A Take Control Crash Course
More Articles by Anthony Lawrence © 2015-04-15 Anthony Lawrence
Better to fight for something than live for nothing. (George S. Patton)
This post tagged:
Skills Tests
Unix/Linux Book Reviews
My Unix/Linux Troubleshooting Book
This site runs on Linode
Wed Apr 15 13:51:38 2015: 12662 Alexi
> What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server?
I wouldn't be surprised if some meddling busybodies in $MANAGEMENT decided, in a misguided attempt to improve benchmarking performance, to "deprioritize 'legacy' vectors" and instead focus on "the heuristic analysis of emergent trends"
Wed Apr 15 13:53:53 2015: 12663 TonyLawrence
I love the way you put that :)
------------------------
Printer Friendly Version
Are A/V vendors really this clueless? Copyright © April 2015 Tony Lawrence
Have you tried Searching this site?
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version