'Super' Malware. Is NOD effective against such?


Bilby
February 18th, 2005, 08:01 PM
Sounds pretty nasty (http://www.computerworld.com/securitytopics/security/story/0,10801,99843,00.html).

Bilby

DanL
February 18th, 2005, 09:51 PM
This is something that DiamondCS Process Guard will stop.
I use NOD32 and I'm quite happy with it, but I don't think any AV product stops that type of threat.

Dan

webyourbusiness
February 18th, 2005, 09:53 PM
Root kits are nothing new to the *nix world - if you secure your machine, you can prevent the root kit infiltration - if your underlying operating system has more holes than a Swiss cheese, you're potentially in trouble...

If the lessons learned in the *nix world are applied to the 'doze platform, we might have half a chance of locking out the blighters - firewalls up is the first line of defense...

webyourbusiness
February 18th, 2005, 10:05 PM
It might not be the same, as I think they are distributing the source of hacker defender, not a compiled binary - but on visiting both the source web site and its mirror, attempting to access the .rar files purporting to contain the hacker defender files and also its associated downloads yielded a red NOD32 terminate/quarantine option box - i.e., NOD32 found "Multiple infiltrations" in the .rar files I was attempting to download.

Either it means that the files were trojans in their own right pretending to be the hacker defender sources, or the folks at Eset are well on top of this game at the moment.


hth

GHL

Bilby
February 19th, 2005, 07:55 AM
{QUOTE-> It might not be the same, as I think they are distributing the source of hacker defender, not a compiled binary - but on visiting both the source web site and its mirror, attempting to access the .rar files purporting to contain the hacker defender files and also its associated downloads yielded a red NOD32 terminate/quarantine option box - i.e., NOD32 found "Multiple infiltrations" in the .rar files I was attempting to download.

Either it means that the files were trojans in their own right pretending to be the hacker defender sources, or the folks at Eset are well on top of this game at the moment.


hth

GHL <-QUOTE}

I tried to download the zipped exe to a virtual space and IMON caught it immediately. Like you said, I'm not sure if it was what the file contained or if it was an attempted direct infiltration.

Thanks for the responses.

-Bilby