According to "Botnet that enslaved 770,000 PCs worldwide comes crashing down", the "Simda" botnet was very stealthy, because it "morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs."
Well, polymorphic viruses are nasty little beasts, so I suppose it's great that they did manage to finally control this. We can all breathe a little easier and sleep more soundly thanks to the truly brilliant efforts of A/V researchers.
But hold on a minute. According to that article:
The malware modified the HOSTS file Microsoft Windows machines use to map specific domain names to specific IP addresses. As a result, infected computers that attempted to visit addresses such as connect.facebook.net or google-analytics.com were surreptitiously diverted to servers under the control of the attackers. Often the booby-trapped HOSTS file remains even after the Simda backdoor has been removed.
What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server? For real? Such a basic and obvious check is not done?
Wow. That's disturbing.
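The check the previous paragraph asks for, written out as an added example for this page (it is not code from any A/V product or from the article): parse the HOSTS file, ignore blocking entries that point a name at loopback or 0.0.0.0, and flag every other override that disagrees with what a resolver returns. The sample HOSTS content, the watchlist and the "DNS" answers are constructed for the demo; the attacker address is an assumed value from a documentation range, and the `system_resolver` function is only there for a live run against the real file.

```python
"""Audit a HOSTS file for entries that redirect well-known names elsewhere."""
import ipaddress
import os
import socket
from typing import Callable, List, Set, Tuple

# Constructed HOSTS content for the demo (not a real capture). The two redirected
# names are the ones the article lists; the attacker address is an assumed value
# from the TEST-NET-2 documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # ad-block style sinkhole, benign
10.0.0.5        intranet.example       # private name DNS knows nothing about
198.51.100.23   connect.facebook.net   # Simda-style redirection (constructed)
198.51.100.23   google-analytics.com   # Simda-style redirection (constructed)
"""

# Assumed answers standing in for a trusted resolver; values are not real records.
CONSTRUCTED_DNS = {
    "connect.facebook.net": {"203.0.113.10"},
    "google-analytics.com": {"203.0.113.20"},
}

# Names worth flagging even when DNS gives no answer to compare (assumed list).
WATCHLIST = {"connect.facebook.net", "google-analytics.com"}

REDIRECTED = "watchlist name redirected to a routable address"
MISMATCH = "override disagrees with DNS"
UNVERIFIED = "no DNS answer to compare against"

Resolver = Callable[[str], Set[str]]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, ip) pairs; '#' comments and malformed lines are dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: skip the line
        pairs.extend((name.lower(), ip) for name in fields[1:])
    return pairs


def is_sinkhole(ip: str) -> bool:
    """Loopback or unspecified targets block a name rather than redirect it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def system_resolver(name: str) -> Set[str]:
    """Live lookup through the OS resolver (not used by the offline demo)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def table_resolver(name: str) -> Set[str]:
    """Offline stand-in for a trusted DNS server, backed by CONSTRUCTED_DNS."""
    return set(CONSTRUCTED_DNS.get(name, ()))


def audit_hosts(text: str, resolver: Resolver,
                watchlist: Set[str] = WATCHLIST) -> List[Tuple[str, str, str]]:
    """Return (name, ip, reason) for each entry that sends a name where DNS does not."""
    findings = []
    for name, ip in parse_hosts(text):
        if is_sinkhole(ip):
            continue                      # blocking entries are not hijacks
        answers = resolver(name)
        if ip in answers:
            continue                      # pin agrees with DNS: harmless
        if name in watchlist:
            findings.append((name, ip, REDIRECTED))
        elif answers:
            findings.append((name, ip, MISMATCH))
        else:
            findings.append((name, ip, UNVERIFIED))
    return findings


def hosts_path() -> str:
    r"""Default HOSTS location: %SystemRoot%\System32\drivers\etc\hosts on Windows."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, table_resolver):
        print("demo:", *finding)
    # Live run against this machine's HOSTS file using the OS resolver.
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read(), system_resolver):
            print("live:", *finding)
```

The audit takes the resolver as a parameter on purpose: comparing against the machine's own configured resolver is only as good as that resolver, and a hijack that also changes the DNS settings would make the two agree. Point it at a server you control or a well-known public one before trusting a "no findings" result, and treat the "no DNS answer" case as unverified rather than clean.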
More Articles by Anthony Lawrence © 2015-04-15 Anthony Lawrence
Wed Apr 15 13:51:38 2015: 12662 Alexi
> What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server?
I wouldn't be surprised if some meddling busybodies in $MANAGEMENT decided, in a misguided attempt to improve benchmarking performance, to "deprioritize 'legacy' vectors" and instead focus on "the heuristic analysis of emergent trends".
Wed Apr 15 13:53:53 2015: 12663 TonyLawrence
I love the way you put that :)
Are A/V vendors really this clueless? Copyright © April 2015 Tony Lawrence