Rustock C no longer a myth, no longer a threat

Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    This is why I thought it is a strange story.
     
  2. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    i have contact trend suport and they say:

    ~~ removed content of private IM conversation per Forum TOS (first paragraph regarding posting the contents of private communications) - All you needed to say was the guy from Trend disagreed and says they detect it, not post his name and all his written lines.~~
    / / / / / // / / / / / / // / / / / // / / / / / / / / / // end of chat

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_RUSTOCK.AH

    so dr.web is not telling all the story
     
    Last edited by a moderator: May 7, 2008
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Attracting clients with any methods... another Polipos-like story :cautious:
     
  4. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    everyting is valid to atrack new costumers...is the bussines,unfortonaly.
     
  5. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    And Trend Micro says that the detection happened on

    Pattern release date: Jun 14, 2006

    Wow... I don't know what to believe now.
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I just dig into my virus collection and found a lot of costrat (Kaspersky) or Rustock rootkits. All are very well detected. I don't know what to say. o_O
     
  7. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    on trendmicro page say:

    Trojan-Clicker.Win32.Costrat.ac (Kaspersky), Spam-Mailbot.c!Rootkit (McAfee), Backdoor.Rustock.B (Symantec), TR/Rootkit.Gen (Avira), Troj/Rustok-O (Sophos)


    so the rookit is "old"and trendmcro detect and remove all the variants,like another av companys.

    maybe what dr.web want say is:

    dr.web only discovered that virus on october 2007..lool xD

    the c variant was discovered by trendmicro on: jun,13 2006

    like can see on:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=RTKT_RUSTOCK.C

    and variant c was detected:
    Aliases: Generic.dn (McAfee), Backdoor.Rustock.A (Symantec), TR/Rootkit.Gen (Avira), Troj/RKRustok-B (Sophos), Backdoor:Win32/Rustock.gen!A (Microsoft)
     
    Last edited: May 7, 2008
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Without a copy of the sample that DrWeb are talking about, it's impossible to know for sure. Though I personally smell something fishy about their "We're the only ones who detect this!" story as well.
     
  9. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    This is not the "real" Rustock.C that trend detects.
    We keep checking the samples on Virus Total, no result. If that continues, we'll send them directly.
     
  10. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Strange and confusing. We NEED a sample.
     
    Last edited: May 7, 2008
  11. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    trendmicro chat say. trendmicro detect that virus.and give me that link.but aniway dr-web story is strange.is like the story about the virus delete all the hadr disk.lool.i have contact trendmicro.the costumers of antoher av companys ask to him to.

    i don't believe on that story.

    i go ask on symantec chat suport
     
  12. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Users can't get a sample, that's illegal.
    See this, maybe it can be a kind of an evidence:

    ~~ removed Virus Total results link per forum policy and because without the file in the hands of other virus labs there is no "proof" of anything ~~

    Except two heuristic detections, which are mostly useless in that case with that virus, nothing.
     
    Last edited by a moderator: May 7, 2008
  13. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I mean that a sample is needed to be distributed....
     
  14. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    I did not try to provide "evidence".
    I just tried to create some balance with regard to an unfundamented opinion.
    I have never stated or suggested that Dr.Web is the best AV.
    Show me such a post and I buy you a license (for Dr.Web ofcourse :D ).

    What about a surgeon who only can diagnose but cannot cure you?

    My take is that the best AV does not exist for a group of users. The best AV is the one that protects YOUR computer.

    No, I have not: the Doctor keeps my system as clean as a church floor; it deserves my trust.


    See my signature. :eek:
     
  15. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Ask them if their specialists participated the last eicar conference.
    http://www.eicar.org/conference/agenda.htm
    TUESDAY, 6th May 2008
    9:00 - 9:30 am Invited talk:
    Vyacheslav Roussakov, Dr.Web Anti-Virus Research Lab.
    Win32.Ntldrbot or Rustock.C: myth and reality

    Nobody who was there said drweb was wrong. They took it seriously.
     
  16. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    nobody is sayin what av is the best,only see if is true or not.


    the norton chat,say they are able to detect and delete witthout problem.

    mcafee don't coment.


    yes i now they are not playing.only see if another av companys know waht is.and sinceraly was not the first time a av company do that marketing strategic
     
  17. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    marciocruz, believe what you want to believe.
     
  18. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    right,i believe on the thinks i want.:D
     
  19. ola nordmann

    ola nordmann Registered Member

    Joined:
    May 6, 2007
    Posts:
    89
    Different tools for different jobs ;)

    Btw, for a medical diagnose I don't think you go see a surgeon, but rather your regular doctor or a specialist in a particular field. Or maybe you need an x-ray, which is analyzed by yet another specialist - a radiologist.

    So, in terms of computer protection, I would rely on different mechanisms. Most of my systems run linux so antivirus is not an issue, and I use very different techniques for protection, but for my WinXP box I prefer to use an AV with good detection for everyday use. I don't need an AV with excellent cleaning abilities 24/7 because (as mentioned in my previous post) I haven't had a live infection in 15-20 years. The only malware I have recieved after that, have either been deleted (either automatically by antivirus or manually by my superior malware-detecting brain :D ) or I have purposely run the malware in a virtual machine for analysis. So my point is, if I one day need to clean my system I would go look for an excellent cleaner, but until that day...

    I'm not saying this to be negativ towards Dr.Web. If they happen to have the best cleaning in industry (i can't judge on that one), then kudos to them! But people seem to have different needs, and personally I much prefer excellent proactive detection than cleaning up the mess afterwards.
     
  20. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256

    100% agree
     
  21. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    "Protection is better than reaction":)

    Now, I would rather not be so worried about this stuff. In a way or another, sooner or later, all the (important) antivirus (and anti rootkit) companies will get the hands on that Rustock, and it will be forgotten as it's predecessors. That is, until a new type of malware will be found. And only a few antivirus companies will find it. Soon after, all the other will. And so on again and again...

    This is how the chain of life works.
     
  22. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    i agree with you to,personaly i'm no worrie about that.and is a question of time untill (like you say)all the company's detect that.until ther i will continue with the same protection i have here.

    if someone get infected have 1 option:

    format c :argh: :p
     
  23. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Lol doesn't seem a good way, I've got around 400 programs installed and formatting would result in a 30 day period passed to search for and download that programs again.:argh:
     
  24. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    256
    i'm just kiding.lool.xD
     
  25. yaslaw

    yaslaw Registered Member

    Joined:
    Feb 27, 2005
    Posts:
    168
    Location:
    Poland
    BTW - I recommend article about MBR rootkits that was published on the GMER site: http://www2.gmer.net/mbr/ - It's not about that particular rootkits - but it give us a clue how malware autors are trying to improve stealh techniques.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.