Webroot SecureAnywhere Antivirus 2012 short review
As requested by one of the site’s visitor, today I have tested Webroot SecureAnywhere Antivirus 2012 (hereinafter referred to as WSAA) against the same bunch of malware as in the last article, to make a comparison between it and ByteHero Unknown-virus Detection Software (BDV). The main idea was to test the heuristic analysis capabilities of these products. With an installer of about 618 KB, WSAA seemed to be another revelation and when I received the trial installation key in a webpage containing also this warning: Fasten your seatbelt. You’re about to experience the fastest, most effective Internet security you’ve ever seen. my adrenaline level was raised to the sky. So after …
ByteHero Unknown-virus Detection Software (BDV) review
A few days ago when I was scanning a file on virustotal.com, I noticed a name less known to me: ByteHero. Googling a bit I found the official product website at: http://www.bytehero.com/english.asp. The software is developed in China by ByteHero Information Security Lab and is promoted as a first class dynamic and static heuristic analyzer. Because the main component of it is a heuristic detection engine, the software does not need a virus signatures database therefore there is no need to be updated very often like other antivirus software. Perhaps you will ask why I give so much attention to this heuristic detection engine. Because, I remember the times(just a few …
Android malware invasion – only time can tell
These days the debate about Android platform malware become more intense than ever. On one side the open source and public sector engineering manager at Google, Chris DiBona wrote an article at Google+ blog containing some incendiary sentences like: No major cell phone has a ‘virus’ problem in the traditional sense that windows and some mac machines have seen. There have been some little things, but they haven’t gotten very far due to the user sandboxing models and the nature of the underlying kernels. ………………………………. Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. …
TDL4 TDSS Bootkit gets improved
The improvements in the new TDL4 bootkit versions are suggesting that the original code was outsourced. For example in the older TDL4 versions the computer infection was initialized by infecting the Master Boot Record(MBR) of the hard disk with malicious code and the attempts to fix it were initially thwarted hooking and malforming the disk read-write operations. In the recent TDL4 versions, the bootkit does not infect the MBR anymore, instead it creates its own primary and hidden partition with a new improved virtual file system at the end of the hard disk, add an entry in the partition table pointing to it and mark it as active, that’s mean …
Antispyware 2011, the most credible fake anti-spyware
The keyword “antispyware” has around 2000,000 monthly searches in Google search engine and it’s obvious why nowadays when the security related websites are abundant with news about new computer trojans, new dangerous creations which have in fact a unique objective: not to delete Windows installation, not to take over the mouse and keyboard but to spy silently and unnoticed on the victim’s computers or networks, posing a huge risk for all non public data. If we search in Google for keyword “antispyware” the results are depending slightly on the searching preferences as locations and languages but always contains on the first page of results a link to http://www.antispyware.com . It’s …
Backdoor Buterat, a multipurpose trojan
The backdoor trojans from Buterat(Butirat according to Dr.Web security vendor) family appear two years ago on the scene and was improved by its creators with each version. The latest version added new features as self modifying the data in the PE header(the executable file first bytes) in order to modify its hash. This renders unusable or better said ineffective the identification based on file hashes and antivirus detection based on files signature is deceived packing the malware with modified version of UPX. More, it was added the capability to intercept the traffic generated by the main browsers(Internet Explorer, Mozilla Firefox, Opera) especially the requests sent to search engines like Google, …
Tsunami – The new backdoor trojan transform your Mac in a zombie
In computing terms, a “zombie” is a compromised computer used to perform different nefarious tasks, being controlled remotely by the attacker. Exactly this is a Mac OS X system infected by OSX/Tsunami-A backdoor trojan. It seems to be the same trojan as Troj/Kaiten which infected in the past Linux based systems, only this time ported to Mac OS X operating system. The attackers control the compromised systems via IRC channels and one of the main commands the attacker can gives to it remotely is to launch DDos attacks against websites at the attacker choice. Practically a botnet of compromised computers is created and if at a certain moment choosed by …
