Monthly Archives: August 2013

This is What Scares Me About Traditional Antivirus Programs

So here I was, minding my own little business this morning, when I checked my email for the first time. As I went through the unread emails, I found one from “eFax Corporate []”. I checked the detailed information about that email and it actually seemed legit. Kaspersky had labeled the email as probable spam, but that was it. Nothing else out of the ordinary. And of course, the email had an attachment, compressed. So I decided to look into it.

I raised all my defense mechanisms to the highest, and proceeded to decompress the file that came attached to that email. It turned out to be a program, not a document. I scanned it with Kaspersky. Came out clean. Next, and this is the kicker, I submitted the file to a website that scans it against FORTY SIX different antivirus engines. All the brands you might have heard about and then some. How many of these antivirus engines identified the file it as malicious? ZERO! NONE! Unbelievable. I’m not kidding. Look:

Last Scanned: 2013-08-29 16:24:27
MicroWorld-eScan Not Detected
nProtect Not Detected
CAT-QuickHeal Not Detected
McAfee Not Detected
Malwarebytes Not Detected
K7AntiVirus Not Detected
K7GW Not Detected
TheHacker Not Detected
NANO-Antivirus Not Detected
F-Prot Not Detected
Symantec Not Detected
Norman Not Detected
TotalDefense Not Detected
TrendMicro-HouseCall Not Detected
Avast Not Detected
ClamAV Not Detected
Kaspersky Not Detected
BitDefender Not Detected
Agnitum Not Detected
SUPERAntiSpyware Not Detected
Emsisoft Not Detected
Comodo Not Detected
F-Secure Not Detected
DrWeb Not Detected
VIPRE Not Detected
AntiVir Not Detected
TrendMicro Not Detected
McAfee-GW-Edition Not Detected
Sophos Not Detected
Jiangmin Not Detected
Antiy-AVL Not Detected
Kingsoft Not Detected
Microsoft Not Detected
ViRobot Not Detected
AhnLab-V3 Not Detected
GData Not Detected
Commtouch Not Detected
ByteHero Not Detected
VBA32 Not Detected
PCTools Not Detected
ESET-NOD32 Not Detected
Rising Not Detected
Ikarus Not Detected
Fortinet Not Detected
AVG Not Detected
Panda Not Detected

I started to think, maybe the file wasn’t malicious after all; Then I laughed at myself for thinking that. Since I felt a little lazy, rather than firing up my test computer to analyze the program behavior when opened in real time, I submitted the file to a service that does that for me online, and then emails me the complete analysis results. I got an email back and…

I’ll spare you the technical details but that little file reminded me of that scene in the movie Transformers where a cell phone is radiated with the special beam of energy that animates it and the cell phone transforms into this destroying little machine inside a secure container; It goes berserk. That program did all kinds of things, from creating files, to deleting the original program, establishing network connections, modifying  the registry, on and on. Definitely malicious.

This was the first time I’ve seen a program that is obviously malicious get a 0% rate of detection when scanned with those 46 antivirus engines. I had seen 6/46 or even 4/46, but never 0/46! Must have caught a really fresh one that no one has had the time to label as malicious and incorporate to the antivirus black lists so it gets detected.

But my point and the moral of the story is that, unfortunately, and as I’ve said in several occasions, traditional antivirus detection methods are just not enough to catch all malware anymore. It takes the full 4-prong security model laid out in my pivotal article, written a while back, to ensure the best chance at remaining immune to most attacks.


Fake Web Browser Updates, Latest Trend to Infect Computers

This infection can happen if you visit a malicious website, whether malicious because the creator intended it to be that way, or a legit website that has been compromised. In any case, you’ll see a big warning across your browser window that reads:

Warning! Critical Update!

And then underneath a button that reads “Install Update”.

Two things to be aware of. First, even if you don’t click on the “Install Update” button, you might see a download happening. Needless to say, don’t open that download. Second, if you try to just close the browser window, a pop-up will warn you that you cannot navigate away from the page until you install the update. This is done in such a way that it’s hard to actually close the window. If you are somewhat savvy, use the Windows Task Manager to kill the process that runs the browser window. If you don’t know what I’m talking about, either log off or restart your computer. That will force the window to close.

Hopefully you did not make the gargantuan mistake of opening the downloaded file to “update” your browser, because if you did, and you’re not properly protected, a program will be running in the background that is silently waiting to steal your passwords and send them over to the bad guys.

If you have proper protection in place, such as the model I laid out 4 years ago, you will be safe against this attack. I specifically tested this on a computer that had Kaspersky antivirus, Malwarebytes Anti-malware Pro, and AppGuard installed in it, and each one independently blocked or quarantined or deleted the malicious downloaded file.

And of course if all fails you can always contact me.

Love Kaspersky Products. The Support Staff? Not So Much

Kaspersky Internet Security, the antivirus security suite, includes as part of its features the possibility to create a “rescue disk”, which you can use to boot your computer with. in order to handle highly infected computer systems. In trying to use it, I ran into a snag in a computer. The rescue disk did not load successfully.

I searched for an answer to the problem and found this article: It lays out what to do to gather information about the computer one is having trouble with, so the Tech Support staff can help resolve the situation. At the end of the article it says “Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Attach the created file to the request.” And so I did.

The response I got?

 1. An automated response.

2. An automated response based on the type of problem I chose during the creation of the request.

3. The following email: 

“Hello ,

Thanks for communicate with us and I apologize for the inconvenience. In your case read the instruction to check the options for this process and if you went thru and still having the issue I will recommend you to look for a tech service.

Thank you.”

4. When I replied stating I was still having the issue, and after A WEEK, I got this reply:

“Hello ,

Thanks for the response. I’m sorry but will be better for yu to take the computer to a computer technician.

Thank you.”

 I’m letting Eugene Kaspersky, the CEO of the company, know my thoughts about his company’s Tech Support division.

Computer Basics – What is an “Operating System”?

A while back I covered, in a series of articles,  the vast majority of the computer components, as far as hardware (the physical components of a computer) is concerned. So now, to understand Operating  System, let’s talk about software.

Computer software is, simply put, a program. And what is a program? A sequence of commands for the computer to execute (carry out), normally contained in a file. That’s all it is. So whether it’s a word processing program, a video player, or an operating system, it all falls under the category of software.

Now, an operating system is a special kind of software, because it acts as the middleman between the hardware and all the other software. You could say it goes

Hardware –> Operating System –> All other software –> User

When you install, run, uninstall a program, all these tasks are possible thanks to the operating system. So you can see why the operating system can be called a kind of platform.

The above is the most basic explanation for what an operating system is. I have tried to keep it as simple as possible, and hopefully I’ve succeeded. Most importantly, I hope I didn’t put anybody to sleep! 🙂