Are A/V vendors really this clueless?
Some material is very old and may be incorrect today
© April 2015 Anthony Lawrence
According to "Botnet that enslaved 770,000 PCs worldwide comes crashing down", this "Simda" botnet was very stealthy, because it "morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs.".
Well, polymorphic viruses are nasty little beasts, so I suppose it's great that they did manage to finally control this. We can all breathe a little easier and sleep more soundly thanks to the truly brilliant efforts of A/V researchers.
But hold on a minute. According to that article:
The malware modified the HOSTS file Microsoft Windows machines use to map specific domain names to specific IP addresses. As a result, infected computers that attempted to visit addresses such as connect.facebook.net or google-analytics.com were surreptitiously diverted to servers under the control of the attackers. Often the booby-trapped HOSTS file remains even after the Simda backdoor has been removed.
What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server? For real? Such a basic and obvious check is not done?
Wow. That's disturbing.
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
-> -> Are A/V vendors really this clueless?
Inexpensive and informative Apple related e-books:
Take Control of Apple Mail, Third Edition
Are Your Bits Flipped?
Take Control of the Mac Command Line with Terminal, Second Edition
Photos: A Take Control Crash Course
iOS 10: A Take Control Crash Course
More Articles by Anthony Lawrence © 2015-04-15 Anthony Lawrence
I am fascinated by religion. (That's a completely different thing from believing in it!) (Douglas Adams)
This post tagged:
Skills Tests
Unix/Linux Book Reviews
My Unix/Linux Troubleshooting Book
This site runs on Linode
Wed Apr 15 13:51:38 2015: 12662 Alexi
> What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server?
I wouldn't be surprised if some meddling busybodies in $MANAGEMENT decided, in a misguided attempt to improve benchmarking performance, to "deprioritize 'legacy' vectors" and instead focus on "the heuristic analysis of emergent trends"
Wed Apr 15 13:53:53 2015: 12663 TonyLawrence
I love the way you put that :)
------------------------
Printer Friendly Version
Are A/V vendors really this clueless? Copyright © April 2015 Tony Lawrence
Have you tried Searching this site?
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version