Sep 1st, 2007, 1:04 am
I was at a government agency recently doing an on-line audit of a portion of their network, almost 655 PCs. They had quite a few security measures in place, including updated resident software, multiple firewalls, limited user privileges, and regular anti-spyware scans with a program specialized for this.
Needless to say, they were pretty shocked when I found keyloggers, screenloggers, a rootkit and downloader Trojans. They were also saturated with high-danger-level adware that made their network vulnerable to additional malware downloads. Almost 100 workstations out of the 655 scanned were infected.
While I was there doing the malware audit, they were hit by a massive spam attack. The email offered a free Microsoft product download. About a quarter of their 6000 PCs received the spam. Some of the users on the network were savvy enough to think "maybe this is suspicious" and reported it to their help desk, but, unfortunately, over a dozen employees did click on the links to find out what great deal they could get.
The resident antivirus software installed on the network workstations did not detect that there was a Trojan embedded in a link in the email. The embedded Trojan is one that is known to download additional malware, often a keylogger.
The IT security professionals who took care of this government agency's network were concerned that this spam was a targeted attack on their state government, so I sent the information to PandaLabs to check out. It turned out that the Trojan was a general attack and that it has actually been known malicious code since 2004, but it was not included in the signature files of their resident antivirus software.
You might wonder, like they did, how could a major antivirus software package miss this kind of malicious code?
In several ways.
Every antivirus product has a limit on how large a signature set it can load; that limit is built into the application's architecture. When the limit is reached, older signatures are sometimes purged to make room for newer ones, so malware that is old but still circulating can quietly drop out of coverage.
Also, due to the vast volume of malicious code in the wild now (PandaLabs receives more than 3000 unique suspicious samples every day), many antivirus labs are overwhelmed and simply do not have the manpower to analyze every variant and create a detection for it. The result is that a certain percentage of malware is never analyzed, and no signatures are created to detect or disinfect it.
Current antivirus certification programs test the software's effectiveness against a "wild list" of known viruses. The testing is rigorous; however, certification only requires that the software detect and clean several hundred thousand virus samples (usually between 200,000 and 300,000). As a comparison, the collective intelligence at PandaLabs holds over 1.5 million virus signatures. Passing certification therefore says little about whether a product still detects any particular sample that is not on that list.
Welcome to the real world! Are you really protected? Perhaps not.
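The capacity problem described above is easy to reproduce in miniature. The following is an added example, not code from the original post or from any antivirus vendor: a toy signature store with a fixed capacity that purges its oldest entries first, scanned against a constructed stand-in for an old downloader Trojan. Once enough newer signatures are added, the old signature is evicted and the sample goes undetected, even though the store is "up to date". A second, independent source (here a constructed SHA-256 blocklist, standing in for a threat-intel feed or second engine) catches what the crowded signature store missed. All byte patterns, names and hashes are constructed for the demonstration.

```python
"""Toy model of a bounded antivirus signature store (constructed data only).

Shows how purging old signatures to make room for new ones can silently
drop detection for malware that is old but still circulating, and why a
second detection source that does not share the same limit is useful.
"""
import hashlib
from collections import OrderedDict


class SignatureStore:
    """Signature database with a fixed capacity.

    Oldest entries are purged first (FIFO) when the store is full, which
    models the capacity limit the post describes. Real engines use more
    elaborate policies; the failure mode is the same.
    """

    def __init__(self, capacity):
        self.capacity = capacity
        self._sigs = OrderedDict()  # signature name -> byte pattern
        self.purged = []            # names dropped to make room

    def add(self, name, pattern):
        self._sigs[name] = pattern
        while len(self._sigs) > self.capacity:
            old, _ = self._sigs.popitem(last=False)
            self.purged.append(old)

    def scan(self, data):
        """Return the names of all signatures whose pattern occurs in data."""
        return [name for name, pat in self._sigs.items() if pat in data]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample standing in for the 2004-era downloader Trojan
# (a fake PE header plus an import string a downloader would plausibly carry).
OLD_DOWNLOADER = b"MZ\x90\x00" + b"urlmon!URLDownloadToFileA;ShellExecuteA" + b"\x00" * 16
OLD_DOWNLOADER_SIG = b"URLDownloadToFileA;ShellExecuteA"  # constructed byte signature
CLEAN_FILE = b"MZ\x90\x00" + b"Hello from a harmless installer" + b"\x00" * 16

# Constructed secondary source: a hash blocklist that does not share the
# signature store's capacity limit (think threat-intel feed or second engine).
HASH_BLOCKLIST = {sha256_hex(OLD_DOWNLOADER)}


def build_store(capacity, newer_signatures):
    """Load the old signature first, then `newer_signatures` newer ones."""
    store = SignatureStore(capacity)
    store.add("Downloader.2004", OLD_DOWNLOADER_SIG)
    for i in range(newer_signatures):
        store.add("Variant.%d" % i, b"VARIANT_%04d" % i)
    return store


def layered_verdict(data, store, hash_blocklist):
    """Combine a signature scan with an independent hash lookup.

    Returns (verdict, reasons); any hit from either source is malicious.
    """
    reasons = ["signature:" + name for name in store.scan(data)]
    if sha256_hex(data) in hash_blocklist:
        reasons.append("hash-blocklist")
    return ("malicious" if reasons else "clean", reasons)


def demo():
    # Roomy store: the old signature is still loaded and fires.
    roomy = build_store(capacity=10, newer_signatures=5)
    before = layered_verdict(OLD_DOWNLOADER, roomy, set())
    # Same capacity, but 20 newer signatures pushed the old one out.
    crowded = build_store(capacity=10, newer_signatures=20)
    after = layered_verdict(OLD_DOWNLOADER, crowded, set())
    # Same crowded store, plus an independent hash blocklist.
    layered = layered_verdict(OLD_DOWNLOADER, crowded, HASH_BLOCKLIST)
    return before, after, layered, "Downloader.2004" in crowded.purged


if __name__ == "__main__":
    for label, result in zip(("roomy", "crowded", "crowded+hashlist", "old sig purged"), demo()):
        print(label, "->", result)
```

The hash blocklist is deliberately the crudest possible second opinion: it catches this exact file and nothing else, so a single-byte repack of the same Trojan would slip past it. The point is that the two sources fail independently, which is what a layered defense (mail-gateway scanning, a second engine, behavioral blocking of unexpected downloads) buys you when the endpoint's signature set has a gap.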
This blog entry was written by er23456.