trojan overload + + +..

Longboard · Jun 18, 2006

Just when you thought it was safe to go back in the water.

From KMcA blog 13-6-06

Those of you using BOClean have no doubt noted that we surpassed 101,000
"variants" and a "unique count" of over 12,000 and the daily additions have
been simply beyond anything we've ever seen before. And with each passing
day, the number just keep getting worse. On the average day, our analysts
are processing nearly 3,000 files PER DAY from numerous sources and
volunteers. In our first FIVE YEARS of BOClean, we didn't process that many
files! And after our first five years, there were MAYBE 300 trojans out there total!
Click to expand...

Keep that paranoia setting on high!

Dump IE for good:

But here's the worst part - ZLOB, VIRTUMUNDO ("vundo" to most AV's) and a
bunch of spambots and worse have been proliferating beyond belief utilizing
the IFRAME vulnerabilities that Microsoft has STILL not fixed!
Click to expand...

As usual the rest is a good though alarming read.
Even the usually irrepressable KMcA sound stressed.
Lbd

john2g · Jun 18, 2006

Some later info from Kevin today:

"26,000 files, 8,000 variants and 435 new trojans in ONE WEEK"

zopzop · Jun 18, 2006

holy xxxx!

man sandbox/virtualization for teh win! defensewall/bufferzone/geswall/sandboxie/tiny firewall professional/deepfreeze/shadowuser(surfer)/first defense ISR/rollback rx should be the first line of defense to any truly paranoid user. many of them are totally free! see my sig

i'm amazed signature based anti-malware vendors havent' been overrun yet.

TNT · Jun 18, 2006

I've sent dozens of samples to Kevin lately. His support has been excellent (almost always including the new samples whithin the next day). And I agree with his assessments, the situation these days is simply unbelievable; the number trojans that are being thrown out every day is astounding. The Zlob trojans are being produced to a rhythm that I didn't think was possible, the methods of infection become more and more complex and automated: their methods of infection, particularly when it comes to the CWS gangs, have gone from a simple html page with exploits to a method that includes complex "ever changing" javascript obfuscation routines clearly built from server-side scripts, server-side AND client-side "user agent" sniffing (with the especially crafted exploits being used as a result), constant automated "rotation" of the trojans as to make it impossible to define a single download point, social engineering and semi-social engineering tactics, a great amount of domains and an unbelievable amount of subdomains to avoid "hosts" files, etc.

Just yesterday I found a site actively throwing exploits, trojans and *rootkits* with files that were undetected by *any* AV/AT (see http://cut-thecrap.blogspot.com/2006/06/is-av-industry-failing.html... and yes, some find them now simply because I sent the samples).

Log in or Sign up

trojan overload + + +..

Longboard Registered Member

john2g Registered Member

zopzop Registered Member

TNT Registered Member

Log in or Sign up

trojan overload + + +..

Longboard Registered Member

john2g Registered Member

zopzop Registered Member

TNT Registered Member

Useful Searches