back to article World's nastiest trojan fools AV software

One of the world's nastiest password-stealing trojans evades detection by the majority PCs running anti-virus programs, according to a study that examined 10,000 machines. Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of time by AV programs, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Cleanup cleanup, everybody cleanup....

    So what AV's passed and which ones failed, so we can use the right tools to clean this up as fast as we can (for those under our control)?

  2. Tony Paulazzo
    Unhappy

    So tell me about this Ubuntu again...

    This is scary stuff... From http://ddanchev.blogspot.com/2008/04/crimeware-in-middle-zeus.html

    >Written in VC + + 8.0... this is achieved at the expense of small size (10-25 Kb), it can work around most firewalls, works in limited accounts, steal browser passwords, takes snapshots of users machine and can be bought for about $700<

    You wrote >is detected just 23 per cent of time by AV programs<

    And after googling about it, found lots of what it can do, but nothing on how to detect and destroy it. Even the PDF report leaves out the 23% that do detect it and offers no advice as to how they so easily find it on their customers machine.

    Something this capable, which is only going to get better, needs decisive action taken, and not by profit driven anti malware suites, but by governments and police globally working together and smacking these fraudsters with real jail time (what is it, 5 or 6 years for bank robbery?).

    So, does MS Office 2003 run in Wine? can't live without my Outlook.

  3. Anonymous Coward
    Unhappy

    Scaremongering Perhaps???

    Surprising Trusteer who comissioned the study, sell a product that helps combat this. Isn't that a coincidence.

  4. Trevor Pearson

    You can-not be serious.....

    Tony Paulazzo writed "can't live without my Outlook"

    What ? The inconvenience of switching a mail/calendaring app is worse than having your bank account(s) emptied by criminals ? Really ?

    Gobsmackedness

  5. jackharrer
    Go

    Re: Tony

    Yes, Outlook works in wine, it is a little pain to set up - or was when I tried last time, about year ago. You can always run VM, as I'm quite sure you already have license for Windows.

  6. Andus McCoatover

    One-time passwords?

    I've written this before, but to me the only secure way for sensitive sites like banks, etc. is to have a one-time password card - strike out the last number, use the next on the next login. My only slight gripe is that they are only 4 digits - one hit out of a thousand, but...(having said that, 5 misses and you're out. It'll remind you if you've missed the sequence by 1 or two in the sequence, but that's your lot.). If the perps or me try to open a second window, instant logout.

    Oh, and I only use Linux for accessing my bank. Just in case. NEVER the pub XP computer, on which this message is being created.

  7. I Am Fledge
    Pirate

    This is a comment.

    Why won't someone trace down the remote servers it connects to and smash them and their owners to kingdom come.

  8. Anonymous Coward
    Linux

    @Tony Paulazzo

    "can't live without my Outlook" ... as one guy that recently won an election said: yes, you can. More so if you're contemplating the idea of stop keeping up with the never ending Windows malware stream or the possibility of yet another 6 hour Windows reinstall, or the possible inconveniences to your privacy of the malware of the day.

    I've been using Linux at home for the last 8 years, partly to work and part as family use. On the long run, the time I've lost due to some missing software or feature in Windows has been more than recovered by the total lack of any kind of stability or security problems. Not to mention the numerous times that I've discovered that the Linux alternative is far more powerful than the Windows one. Those savings net out the loss of Outlook, at least for me.

  9. J.Wild Silver badge
    Linux

    @Tony Paulazzo

    Ubuntu 9.04 comes with Evolution installed

    http://www.novell.com/products/evolution

    I'm running the 64bit version on this laptop with 4GB memory, sweet :)

  10. Anonymous Coward
    FAIL

    Surprised?

    There is an annoying tendency for the AV vendors to provide "internet suites" instead of core AV products now - which they think are more valuable. £40-50 per year for a subscription _renewal_ of the NIS which bundles on Dells? F-off.

    All the bloaty extra crap, dialog boxes that won't go away, constant internet traffic, constant background scans, personal firewalls, slow Wifi negotiation (yes Norton, you!), phising filters and unwanted IE/firefox tool bars must detract development time from the CORE business of detecting threats! There will be teams of apps programmers across the globe adding yet more pointless bloat to AV suites - sack them and hire some research & detection engine engineers!

    To all AV vendors. Remove the crap. Detect the threats.

    For ~£50 per year you should reasonably expect software that successfully detects existing known trojans. If that is "too hard" get out the business and stop ripping off customers with your fake AV protection.

  11. Anonymous Coward
    Happy

    Real issue

    Yeah, but is it pronounced "zay-us" or "Zoos", or simply "Oh, ^&%^%! Where's all my money gone?"

  12. Anonymous Coward
    Unhappy

    And the solution is?

    Nice panic piece.

    How do we stop it / detect it?

    (and who said depth in journalism was dead)

  13. cdtplug
    WTF?

    WTF

    Tony you get 25 years for bank robbery, but you only get 10 for murder, good old brit justice.anything to do with money and you have had it. I would like to know what software managed to pick this up as well, seems a half written report to me without the answer

  14. dunncha
    Grenade

    Zeus Zbot and PRG, Swine Flu, Credit Crunch ...heart attack

    Just face it people we are all gonna die. and if we don't die we are all going to go broke and if we don't all go broke we are going to borrow too much money and create another credit crunch!!

    No immunisation, no working anti-virus and no hope!

    We are all Doomed I tell you Doomed.

    A list of the 'working' anti-virus's would have been helpful. It would at least of given us the impression that we could do something to protect ourselves.

    icon: Suck on this evil wrong do'ers

  15. Martijn Bakker

    Scary stuff

    A trojan like this, which has been around for over a year, will have many versions. Commercial malware may also come with several capabilities as an option (or custom feature for a specific use/client), changing it's behaviour and patterns.

    It's unlikely that "Antivirus Software A can remove Zeus, abut antivirus software B can't".

  16. mrlumpy
    Alert

    thunderbird with lightning & google provider plugins

    Can't remember if office will run in wine but I use thunderbird with lightning & google provider plugins and it does the job for me.

    The whole IT community has to work together to come to a better security model, instead of constantly bitching about which OS is "best" - infected PCs and nasties on the web have knock-ons for all of us, as was on el reg a while ago we need a seat-beat moment.

    I for one am sick of having to dedicate so much time to making systems "secure" to then have to lather rinse and repeat when the next vulnerability raises its head. We have to stop vendors releasing incomplete, insecure and buggy code as we are the ones that suffer at the sharp end.

  17. Paul Slater
    Linux

    MS Office 2003

    Yep - it runs in Wine.

  18. Paul 4

    @Tony Paulazzo

    1) Who says its MS only?

    2) Your abou to get flamed for saying you need Outlook...

  19. Anonymous Coward
    Alert

    More info

    Can anyone shed some more light on this as this would appear sufficiently serious as to warrant attention? The article doesn't state whether certain browsers nor OS's offer any impunity. Is linux safe as usual? From a quick search there doesn not seem to be any detection tools available either for windows.

  20. Jay Bea

    Virustotal Results

    It looks like there are several versions of the trojan around. This blog (http://garwarner.blogspot.com/2009/09/irs-version-of-zeus-bot-continues.html) provides some analysis of one of the versions (based on IRS spam) and provides link to a Virustotal report which identifies the antivirus software that classifies it as malware.

    BitDefender and GData call it "Trojan.Spy.Zbot.BFK"

    Kaspersky calls it: "Trojan-Spy.Win32.Zbot.gen"

    McAfee+Artemis calls it: "Suspect-29"

    NOD32 calls it: "a variant of Win32/Kryptik.AET"

    Sunbelt calls it: "Trojan-Downloader.Tibs.gen"

  21. Neill Mitchell

    Tony Paulazzo

    Codeweavers runs Office 2007 perfectly including Outlook 2007 :)

  22. Frank Bitterlich
    FAIL

    And they call that "study"?

    What an amazing piece of bollocks this so-called "study" is.

    They claim that by installing (any kind of?) anti-malware, you can reduce the risk of becoming infected by this piece by 23%. Which brand?

    The figure of 55% of infected machines running up-to-date AV is not worth the three characters to print it. WHICH BRAND of AV detects it, and which does not? What they suggest is that whatever brand of AV you're running, it will detect Zeus only if you're lucky. And that, ladies and gentlemen, is utter $&%/#.

    But OTOH, it's a "study", and it comes in PDF form, so it must be true...

  23. Anonymous Coward
    WTF?

    So what is this 'fingerprint'

    This paper is just far too vague. There's no indication given of which AV engines can detect this trojan, and no hint at what the fingerprint left behind is.

    If my AV software can't tell me I've got zeus then I want to be able to find out manually!

  24. Anonymous Coward
    Thumb Up

    ahhh...

    C++ ... still got it

  25. Anonymous Coward
    Grenade

    don't do banking on the internet

    duh.

  26. Anonymous Coward
    Anonymous Coward

    Jailtime?

    Screw that. The writers of these things should get the death sentence. That'll stop the little turds.

  27. Kanhef
    Grenade

    Lies, damned lies, and...

    Their software (provided by a handful of banks) reports if AV software is installed and up to date (according to the Windows Security Center), and if it detects the virus. This isn't the same as testing if AV software detects the virus, and they did no such analysis. Also, the machines their software is on (mostly home computers, I expect) may not be representative of the installed base of PCs overall (including office computers).

    More importantly, they screwed up the math. p(Zeus|AVUTD) = p(Zeus) * 0.77; i.e., the probability of infection given that you have up-to-date AV software is the overall probability of infection times 0.77 . I think they (hopefully accidentally) used this for the final figure. p(Zeus|AVUTD)/p(Zeus|NoAV) = 0.57; you're 43% less likely to get infected if you have up-to-date AV than if unprotected. Still not great, but not nearly as alarming.

    I also noticed that they didn't do any calculations regarding not-up-to-date AV software. Coincidentally, by their numbers, you're 43% less likely to be infected by having *no* AV software than by having it but not updating it. This doesn't make sense, and the only logical conclusion to draw is that their sample size is too small to be statistically accurate. If it's on 1% of all PCs, and they looked at 10,000, they only found about 100 infections, which gives a 9.8% margin of error (95% confidence interval). In other words, the study is all but useless and may or may not be intentional fearmongering.

  28. Anonymous Coward
    Black Helicopters

    Paranoid?

    Its the NSA/GCHQ/Lizard people trying to refloat the economy by stealing money from your bank account.

  29. Anonymous Coward
    Black Helicopters

    Trusteer

    Trusteer wouldn't just so happen to be selling a tool that *does* detect and remove this trojan would it?

    Oooooohhhhh loooook, they make Rapport, which the Royal Bank of Scotland (and possibly others) are very actively promoting every time you log into the RBS digital banking service.

    And now, well stone me, they've found a trojan that only Rapport detects.

    Cracking coincidence Grommit!

  30. Reg Varney

    There's an analysis of an infection of (a variant of?) this

    at http://novirusthanks.org/blog/2008/11/trojan-spywin32zbot-analysis-of-malware/

    From that, it looks like a lot more than 23% are detecting it - though that may well be an older version of the scumware

  31. Anonymous Coward
    Anonymous Coward

    Windows exclusive?

    I guess this is another windows trojan. Anyone know what versions of windows it effects? and which AV software does detect it? Are the smug Mac & Linux communities effected?

  32. H2Nick

    Oh dear...

    ...looks like some very good coders have crossed to the dark side.

    As requested in the first 2 posts - what detects/gets rid of it ???

  33. RichardB

    Great

    But what are we supposed to do about it?

  34. Anonymous Coward
    Anonymous Coward

    Good Lord!

    This leaves us with only one option : accessing our banking websites from live CDs/DVDs/USBs and Microsoft should better give us one for its bloody damn OS we're faithfully using.

    To all non-Microsoft fan boys: stop laughing right now! It's not funny at all.

  35. Leon Prinsloo
    Grenade

    Which browser?

    They also mention browsers, does it affect all browsers, or only certain ones? How does it circumvent most firewalls? Which Antivirus software detects it.. This is important info guys, particularly for the sysadmins out there...

    @ Tony how come you can't live without Outlook? Looked at Kontact or Evolution recently?

    A grenade - because this is going to explode soon!

  36. Roger Stenning
    FAIL

    Typical scare tactics.

    The paper will not - say again NOT - stand up to academic assessment OR critique. There is no reference work listing appended, no experimental details that can be replicated, no listing of which AV products were or were not tested, or even of any control machines that were deliberately infected to show infection processes that should be countered by any future AV products.

    In short, it's hot air.

    I'll be more impressed if a properly researched and published paper on the topic comes out.

    Wonder who is funding this bunch? Knowing that may make sense of the scare tactics.

  37. Big Al
    Paris Hilton

    Fingerprints

    "The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC's browser process."

    So given the scale of this threat, I do hope that we can expect a handy standalone detection app to be appearing imminently then? That would, after all, be the responsible thing to do...

    Paris because she's known for being good with standalones.

  38. Mark Aggleton
    Stop

    Simple solution

    Don't bank online.

  39. Darren Bell

    I know this may get flamed.

    I use Windows (as well as lLinux) a lot at work and don't mind it, but made a decesion to use Linux only at home at home. This was one of the reasons.

    Seriously, use Evolution. It's just as good as Outlook when you get used it.

  40. Elmer Phud
    Pirate

    death too good for them?

    "Jailtime?

    By Anonymous Coward

    Screw that. The writers of these things should get the death sentence. That'll stop the little turds."

    Odd that so many read about the huge bonuses paid out of thier pockets to a few yet don't clamour for the ultimate penalty. I wonder how much has been 'stolen' by those who 'deserve' the loot compared to the amounts nicked by the other crooks.

    Must be O.K. if you know who is screwing you. "It's fine dear, we're not being robbed by Russkies, we're being fucked over by our own people"

  41. Julian

    Zeus/Zbot is a family not a unique thing

    Scary. I just did a bit of research. The problem here is that all these "How do we detect it" questions are flawed because there is no "it". Zeus is a toolkit that a criminal buys and customises so there are hundreds, probably thousands, of variants out there. To put this into context, Kaspersky has discovered 6 new variants ...... since I last looked 30 minutes ago! Yes, that's 6 new versions of the Zeus/Zbot trojan in the last 30 minutes. They've discovered 13 new variants today (at time of writing this comment).

    If anyone wants a link to Kaspersky info on this it's here: http://www.kaspersky.com/viruswatchlite?search_virus=zbot&hour_offset=-3

    Looks to me like we need to know which anti virus software's behavioural algorithms will catch it because signature-based detection is having a hard time keeping up.

  42. Stuart 37
    Paris Hilton

    Prevention is better than a cure

    Not been funny, I Could be very wrong but everyone seems preoccupied with how they can protect themselves from this great big evil virus. Well in short, don't go to dubious websites etc and that way you reduce the risk of getting infected in the first place. Or you can run a linux/unix OS which will reduce your infection risk even further :)

    *Paris - Because she isn't bothered about penetrating infections and doesn't use Trojans*

  43. Tony Paulazzo
    Linux

    Cheers for the responses

    >Oh, and I only use Linux for accessing my bank. Just in case.<

    Well I installed a dual boot of Ubuntu a few months ago, got it all working and everything, but then never used it after I sussed out how it all worked. But this is making me rethink, and thanks for the pointer to Evolution - it looks good.

    As for, 'why Outlook?' Shrug, devil you know and all that, but, the windows vulnerabilities (assuming this doesn't affect Linux and Macs), is getting ridiculous. I pay Bitdefender £25 a year to slow my system down, lockup when the PC goes to sleep sometimes (just guesswork here), and slow my surfing to a crawl.

    Time for a change. (First time I've used the penguin I think).

  44. madferret
    Stop

    But...

    Ok, so the evil guys get into my online banking account. But to transfer money out of the account they need a PINsentry card reader (easy to obtain - I have about 10 from different banks!) and my Chip and PIN card to generate the authorisation code - not so easy to obtain. Or am I missing something here?

  45. The Original Steve

    @Anonymous Coward Posted Friday 18th September 2009 07:34 GMT

    Your a moron.

    This isn't some sort of Windows security hole. It's software that's been installed / ran by a user (and if it uses a root-kit they'll need admin rights) that does what the developer intended.

    Your telling me Linux prevents that?! If so I'm glad I don't develop for it.

    Number of major flaws on OSS recently only backs up the theory that malware is targeted for the biggest audience rather than the weakest platform - which would be any platform with the largest number of users who happily install any old crap that comes on a email.

    P.S. Now installing Windows 7 on a VM. 15 minutes total install time.

    Better than Linux? Not really. 6 Hours? Get a watch.

  46. Grease Monkey
    Joke

    @AC - Windows Exclusive

    "Are the smug Mac & Linux communities effected?"

    They most certainly are, but as to the real question of whether they are affected I presume not.

  47. Chris 116
    Big Brother

    By Zeus's beard!

    Sounds like AV company propaganda. Think about it... The average consumer mindset believes in the strongest brands to provide the best service. Thus, in the face of extreme fear such as having your bank details sniffed who they gonna call? It sure aint gonna be ghostbusters. Probably Norton or Mcafee.

  48. MyHeadIsSpinning
    FAIL

    List of AV's and results

    ...or it didn't happen.

  49. Anonymous Coward
    Megaphone

    Oh noes

    We're all gonna die!

  50. Anonymous Coward
    FAIL

    W00t?

    What a pointlessly inadequate study; it makes no mention of specific AV engines and how they fared.

  51. Michael C

    Thanks for the heads up but...

    Providing a link to tools the specifically target and clean this infection might have been nice, as well as a list of which AV programs have good success rates would also have been nice (cross referenced to their overall success rates with other viri, which might be lower).

    Sounding the alarm doesn;'t do a whole lot of good if you can't actually assist us.

    Some clues as to how it infects the machine, and how to prevent that might also be nice...

  52. Anonymous Coward
    Pint

    Simple solution

    Go down the pub, spend all your money on beer and then it doesn't matter if Zeus steals your account details as there will be no money to steal!

  53. Anonymous Coward
    Thumb Up

    2 words

    key scrambler

    go google.(hint, qfx)

  54. Anonymous Coward
    Linux

    @The original Steve

    "Your a moron."

    Thanks, that sets the tone for the rest of the response.

    "This isn't some sort of Windows security hole. It's software that's been installed / ran by a user (and if it uses a root-kit they'll need admin rights) that does what the developer intended."

    On a platform that defaults to allow such kind of software to run with admin rights because users default to admin rights, perhaps?

    "Your telling me Linux prevents that?! If so I'm glad I don't develop for it."

    It does not completely prevent it, just makes it more difficult. Nothing can ensure peace of mind, but there are ways to minimize it. Windows has to deal with a lot of badly written software that simply does not know how to run without admin rights, even if it is perfectly possible. What I cannot understand is the second sentence: are you glad developing for a platform that allows users do stupid things?

    "Number of major flaws on OSS recently only backs up the theory that malware is targeted for the biggest audience rather than the weakest platform - which would be any platform with the largest number of users who happily install any old crap that comes on a email."

    Whatever the reason, you seem to have reliable data on the number of OSS flaws versus other platforms, care to share that evidence? I'll share my evidence. Number of security outbreaks, infections, or any other kind of attacks in 2 Linux home boxes in 8 years:zero. Without running any kind of antivirus or similar security tools. Just the home router firewall, thanks. 8 years without devoting a second of my time, a cycle of my CPU or a byte on my hard disk to protecting me from something that should not be so easy to happen in the first place.

    Whatever the reason, fact is, Linux is more secure. I don't care if it is because not popular or because is more secure or probably because both things at the same time. The plain fact is that Linux is more secure.

    I'm ready to admit that if you configure Windows properly you can achieve similar levels of security. But that will be at the cost of some software not working properly, some of your machine resources devoted to that, plus the time you need to spend doing it. And yet after all that you'll not be free from things like SMB exploits happening.

    "P.S. Now installing Windows 7 on a VM. 15 minutes total install time."

    Mmmmm.... interesting, you really should post a YouTube Video of your VM W7 install, I'm sure the world will be shocked to know that you can install on that short time. Again, care to provide proof?

    "Better than Linux? Not really. 6 Hours? Get a watch."

    No, not really, I was making that number up. Make it 30 mins for the base OS, another 30 mins for Office and 2 and half hours of applying service packs, patches and rebooting. Only 3 and half hours, tops.

    Ubuntu comes alive in 45 minutes, patches incuded, with office productivity, mail client, etc, already installed.

    Oh, perhaps in your world where everybody who does not think like you is a moron time runs differently. But thanks to you and people with your midnset, Windows will always keep a big market share and the rest of the world will be safe. Please keep using Windows, Linux does not need users like you.

  55. Tony Paulazzo
    Terminator

    @ Stuart37

    > Not been funny, I Could be very wrong but everyone seems preoccupied with how they can protect themselves from this great big evil virus. Well in short, don't go to dubious websites etc and that way you reduce the risk of getting infected in the first place.<

    Good thinking... only one of the Zeus variants infecting systems was coming from the Paul McCartney site (just re released all the Beatles library in cleaned up Mono and new Stereo - not him, but you can bet his website has surged with visits).

    Unless you consider him dubious, which is fair enough.

  56. Pirate Dave
    Joke

    world's nastiest trojan

    I'd think that would be any that Ron Jeremy takes off.

    Sorry, I'm just leaving...

  57. Richard North
    Linux

    Office under wine

    Office up to and including 2003 I've run without problems under wine - the one thing that still defies me is Publisher, which is a pita because certain people insist on sending me stuff in .pub format, damn their eyes.

  58. QrazyQat

    OMG Doom! Again!

    OMG Doom! Again! As usual, our only hope is to become customers of security firm Trusteer.

  59. Brett Leach

    Variants and stealth features. Not 23% of AV products...

    ...but a 23% (average) detection rate, regardless of AV product. Some did better, some almost certainly failed utterly, but none was able to detect/block with 100% surety, because the proliferation of variants (and ability to obfuscate any signatures) leaves the AV vendors trailing a long way behind.

    Seems like this might be a better interpretation of some rather loose language.

    A new varriant every 5 minutes makes it very easy to get bitten when your AV software auto-updates only once a day.

  60. Jason DePriest

    My first question

    was: "What are they selling?"

    After reading the report and finding no actionable information, I asked again, "No, really. What are they trying to sell me?"

    Seems Trusteer has just the thing to fix the very problem they say nobody else can fix.

    Convenient, that.

  61. Keith Oldham
    Linux

    Good grief !

    The 'report' seems to be a poor product, with little info., terrible analysis and liitle evidence etc.. Unfortunately it has been echoed around the globe by many on-line publications. I note SANS has not joined the hysteria.

    As for the OS - let each choose their own - I choose Linux (since ~1993), if anyone feels safer with anything else then so be it. Unfortunately we all have to live with this situation and hysteria, bitching, misinformation and plain ignorance does not help. This menace needs to be tackled with a united front. For banking one-time passwords seem a very sensible way forward, combined with a broad array of measures including : suspicion, care, good AV, safest web-browser, updated software, bank security measures.

    I choose Linux, Firefox (with NoScript ), Thunderbird and a healthy dose of scepticism, anyone else is naturally free to differ.

    By the way free software (esp. Linux) is not just free as in free beer but free as in FREEDOM.

    Installing Linux on most hardware ( I have 6 systems I care for ) takes 30 -60 mins ( I mostly use OpenSuse ) and does NOT require the use of the command-line - but what a blessing it can be.

    I'm not anti-MS but I only run one laptop with XP, mainly for a small number of programs that are better than the Linux alternatives - I use Linux for the greater number that are better or as good for my purposes.I certainly don't consider it healthy for the entire world to be dependant on 1 OS apart from any other considerations. It's like ALL of us having the same MHC (http://en.wikipedia.org/wiki/Major_histocompatibility_complex) and therefore being equally susceptible to a (biological) infection wiping the whole planet out.

    Spleen voided

    Have a good weekend.

    ( I think the guy who suggested spending everything down at the pub as a security measure was more useful than most of the other comments !)

  62. Anonymous Coward
    Headmaster

    @ Grease Monkey

    The Mac and Linux communities are affected by the news but the virus has no effect on their computers; their smugness is effected but not affected.

  63. deegee
    Thumb Down

    nix *nix

    @Anonymous Coward 14:48

    "...W7 install, I'm sure the world will be shocked to know that you can install on that short time. Again, care to provide proof?"

    Installation time of Kubuntu and Windows 7 RC on my Atom-based Internet PC are virtually identical.

    Kubuntu is longer to configure overall though since many of its default base apps are junk and have to be replaced with others from the packager.

    Oh, and FYI, Windows 7 performs better on this system than K/Ubuntu because it is using a threaded UI -- K/Ubuntu lags like terrible on the UI when torrenting etc.

  64. Joe Ragosta

    Trojan writers

    If any politician would suggest implementing a law that would create the death penalty for people who write trojans or viruses, I'd vote for them in a minute. Add in life without parole for anyone creating bots that add messages in forums and I'd nominate them for sainthood.

    I use a Mac and I'm smart enough not to fall for social engineering crap, so it doesn't directly affect me. But it makes my life a lot more difficult. The small online forum I host gets about 5 real messages per week - but about 30 spambot messages per week, even though all the security is turned on (phbb). I spend a lot more time getting rid of the spam crap than dealing with the forum.

    it's about time that someone does something about this. There are reasonable technical solutions in addition to tracking the people down and leveling criminal penalties.

  65. cordwainer 1
    Badgers

    The biggest problem is education and the industry....

    If the OS-whiners could pause their usual knee-jerk kindergarten argument about who is fit to run Linux and "smug" users, they might actually notice what the biggest reported problem is with keeping computers free of infection:

    "Of Zeus-infected machines, about 31 per cent don't run AV at all and 14 percent run AV that's out of date."

    Or, close to half of all Windows users seem to believe they are invulnerable to attack. This is a MUCH bigger deal than Mac or Linux users touting OS's that, let's face it, ARE vulnerable to fewer viruses. This is a much bigger deal than arguing about how secure Windows is or isn't.

    Maybe we could someday stop all the time-wasting and figure out how to get computer users to put antivirus software on their machines? Maybe the manufacturers could start including some kind of educational material, or AV software that doesn't bog down the entire system and expire after 60 days? Maybe the tech support staff who like to sneer and make jokes about idiot users could make politely imparting information and explaining the need for basic security part of their job?

    Because I can tell you, out here in the support trenches, the AV numbers are even wors.. People will look straight at you and say they still don't understand why they need to worry about AV software, because they don't bank online, or have any confidential information on their computer, etc., etc. It takes time to explain about things like botnets and denial of service attacks and being a good net citizen, not to mention all the nasty problems viruses can cause them as well. Making AV software available for free hasn't even helped.

    Maybe we could all band together and petitions ISPs to kick infected machines offline until they clean up their act? Require subscribers to prove they know how to keep their AV software up to date before they can get an account in the first place?

    The problem is not smug Mac/Linux/Unix/BeOS/OS2/VMS/DOS/CPM/abacus/sliderule-insert-your-favorite-non-Windows-alternative users who AREN'T getting and spreading viruses like Zeus. The problem is the huge percentage of Windows users who ARE.

    Not knowing how the different AV engines performed doesn't make this report "inadequate," as one person put it. 45% of users had no protection or out-of-date protection. If there's anyone reading this who doesn't already know how the "nothing" AV engine fares in tests, raise your hand.

    A 100% failure rate over 45% of users is a fairly scary, and certainly adequate, statistic. It makes the virus itself seem quite harmless in comparison to the toll taken by the apparent failure of an entire industry - one that has dropped the ball where educating users and increasing security is concerned.

    snark snark snark grrrrrrr

    cordwainer

  66. jim 45
    Alert

    everyone please read Chris Morley's post

    Nail on head. Many of us routinely remove any preinstalled AV software from friends'/relatives' PCs because it's bloated, intrusive, buggy, overpriced nagware that causes more problems than it solves.. We need better products, ASAP.

    AV vendors, please wake up and smell the coffee. Reclaim your image and your market.

  67. blake
    Flame

    not alone

    Go onto any "hacking" forum these days and you'll see kiddies who can obtain software for a few $$ to create a "fully-UD" (undetectable) virus. A 23% detection rate would be seen as poor. These kids buy freely available keyloggers such as turkojan or ardamax and just crypt them to make them UD. These crypted loggers can be sent freely throughout the internet and give thousands of bank details to kids as young as 13. anyone with a Windows PC can do it.

    When i saw the detection rate i was actually suprised at how _high it was.

  68. Dr Wheetos
    Paris Hilton

    PR for the company?

    I attended a meeting with Mr Klein, the CTO of Trusteer, a while back. He asked how effective AV software was these days. He replied that it picked up only 40% of the viruses and malware out there. So I guess if Trusteer can show how good they are at detecting the bad stuff that AV products can't then that's priceless PR for his cause. After all he's in the market of selling his products to the banks!

    Paris, because I'd rather she protect my assets.

  69. Anonymous Coward
    Linux

    linux?

    i've been running Ubuntu for four years now and I would like to say one thing - it's a great OS but the Apps are crap. They should be called "crApps."

    Open Office sucks. Simple. It is nowhere near as good as Office 2007. NEVER do your CV in OOo, unless you're on welfare/jobsearch/dhss/dole (whatever you call it in your home country) and you're only applying to be able to tick a box and collect your cheque.

    Evolution: tried it, pure rubbish.

    ... and try finding a game that runs natively in Linux. Good luck with that. Ditto with trying to get a Nokia phone, USB camera or iPod to work without an emulator (wine, got it. not really a long-term answer though, is it?)

    Tell you what Ubuntu does do VERY well - gives you a free OS to use as a media server. If that's what you need, go Ubuntu. You can even run it on the PC you owned ten years ago. No, really.

    It's not that I don't appreciate Ubuntu - it has run my Squeezecentre for years - but, unless the primary result of you leaving home is that, somewhere, there's a village deprived of its idiot, there's no real difference between linux and windows - good security thinking and practices will prevent infection.

    If you're borderline, buy a Mac - at least the software is written by professionals.

    ... oh, and on the online banking thing - if your bank's website is that bad that you enter a cleartext password, then you need to either change banks or don't use their website. If they have that little respect for your security, they won't support you if it's breached.

  70. Ty
    Jobs Halo

    aww poor likkle Windows-sufferers

    It's fun watching you squirm.

    You realise you spent good money to suffer like this right?

    Get a grip, get a life, get a Mac.

  71. Anonymous Coward
    Linux

    What - another dimdoze pimple?

    Want to meet up and have a laugh later? Go and fetch Alien Arena (cross platform - works nicely in Ubuntu too). I just waiting for the phone to as the masses want another consultation!

    Ha

    Ha ha

    Ha ha ha

    Ha ha ha ha ha

    Ker-Ching!

  72. Anonymous Coward
    Anonymous Coward

    AV is shite

    There are very few AV products that protect users against trojans or keyloggers. But then what do expect from an industry that can't protect against anything it doesn't already know about. The thing that surprises me is why Symantec et all haven't been sued yet for false advertising. None of them do as they claim, often as not they are beaten by the incredible advanced malware technique of renaming the virus or trojan to something not on a list of names of viruses and trojans. Given the wild and unrealistic claims on the boxes of these products, if there was ever something that deserved to be forcibly taken off the market for false advertising, antivirus software would be it.

    I've only found one application that actively guards against malware.. ie. prevents an attack as it happens and doesn't require a hard disk scan to do it. It also finds and removes trojans that most antivirus products won't detect or can't clean from your system. While far from perfect at least it tries to protect the user from themselves in real time, which is more than any other product does, but then PC Tools were always a step above most other software houses.

  73. Emil Schweickerdt Silver badge
    FAIL

    Missing information

    How does it infect a computer? Must the user install it, or does it install itself?

    Also, what is the target OS? Windows? Linux? OS/2?

    - If the user/ne'er-do-well have to install it by hand, then we can rest better. On the other hand, if it can install itself when you browse the Wibbly Wobbly Web, then simply blocking executables and downloads at firewall level and you should be safe.

    - If it can download and install itself, what are the infection vectors it take to install itself? Otherwise this study is meaningless, and just scaremongering.

    - Target OS is too vague. We all have to assume Windows since the majority of viruses is written to target windows. But it will be nice to know for sure.

    FAIL because it's scaremongering.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020