Since the WSJ report was released, endpoint security solutions have received a lot of media attention. As many have started to ask “Is AV really dead?”, I felt it was a good idea to talk about it from my perspective. Let’s get this out of the way right off the bat: no, AV is not dead. However, what is dead, and has been for many years now, is the traditional, reactive AV protection approach that uses signature-based detection. Within the security industry, it is common knowledge that this approach to threat prevention doesn’t scale to address the tactics used by […]
Posts Tagged: antivirus
By Dancho Danchev In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercrininals when launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns — think malware infection, increased visitor-to-malware infected conversion, improved conversion of blackhat SEO acquired traffic leading to the purchase of counterfeit pharmaceutical items etc. — it has become a common event to observe the bad guys applying QA tactics, before, during, and after a malicious/fraudulent campaign has reached its maturity state, all for the sake of earning as much money as possible, naturally, through fraudulent means. In this post we’ll profile […]
Just how easy is it to generate an undetected piece of malware these days? Too easy to be true, largely thanks to the rise of managed crypting services, and the re-emergence of the DIY (do it yourself) trend within the entire cybercrime ecosystem. With hundreds of thousands of new malware variants processed by the industry on a daily basis, it’s fairly logical to conclude that over the years, the bad guys have adapted to signature-based antivirus scanning protection mechanisms, and have achieved disturbing levels of automation and efficiency. How do they do that? Let’s find out by profiling a recently spotted Web-based DIY […]
There are a number of similarities between biological viruses and those which infect our PC’s. For one, both types of infections rely on mutations to evade detection and survive. The faster the mutations, the more difficult an infection is to combat. This is because those who spend their time and effort fighting such infections are likely to miss a mutation and therefor lack the chance to create a cure. This point is especially true with traditional antivirus technology where discovery and detection techniques have not kept up with the rapid pace of mutations common in today’s threat landscape. The recent NY […]
How is it possible that in an industry dominated by advanced performance metrics and benchmarking tests, cybercriminals still manage to release unique malware that remains undetected for weeks by major antivirus vendors? It’s pretty simple. Cybercrime is innovating much faster than the security industry is.
Aiming to ensure that their malware doesn’t end up in the hands of vendors and researchers, cybercriminals are actively experimenting with different quality assurance processes whose objective is to increase the probability of their campaigns successfully propagating in the wild without detection. Some of these techniques include multiple offline antivirus scanning interfaces offering the cybercriminal a guarantee that their malicious program would remain undetected, before they launch their malicious campaign in the wild. In the wild since 2006, Kim’s Multiple Antivirus Scanner is still actively used among cybercriminals wanting to ensure that their malicious software is pre-scanned against the signature-based scanning techniques […]
Last year, we at Webroot (as well as many other people) saw a huge spike in two specific types of malware: Rogue antispyware products — the ineffective, deceptive kind — and the various tricks the companies that sell rogues use to trick you into downloading (and eventually buying) their bogus products, something we refer to, generally, as Fakealerts. Here’s usually how the trick works: First, you’re fooled into browsing to a Web site which employs any of a number of tricks to install the Fakealert code onto your PC. The Fakealert then begins popping up messages warning you about some […]