Zbot authors just love Avira?

Discussion in 'other anti-virus software' started by Stefan Kurtzhals, Jul 8, 2008.

Thread Status:
Not open for further replies.
  1. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    A few of the recent variants have a string in the header:

    "Hello stupid developers of the Avira Antvir. You can use this string as signature of this PE =). RZSD"

    Seems somebody got upset.
     
  2. EraserHW

    EraserHW Malware Expert

    On the next variant you'll find a cyber-posy in the resource section
     
  3. Macstorm

    Macstorm Registered Member

    hmm.. I wonder where those 'greetings' come from :shifty:
     
  4. Zombini

    Zombini Registered Member

    That's exactly what AVIRA is doing, churning out sigs that only work on one MD5. That is not sustainable.
     
  5. RejZoR

    RejZoR Lurker

    That's so not true... Same signature clearly covers files of different sizes and structures. Not to mention generic signatures ending with ".gen"...
     
  6. EraserHW

    EraserHW Malware Expert

    I think Stefan won't be so happy to read this :D

    btw: what proofs do you show all to support your sentence? :) There should be really good proofs to prove this, even because if it's true then you should even explain why Avira is scoring well against file infectors or against malware using polymorphic cryptors :)

    Edit:

    just an addition, to better explain what I mean: it can be possible to use sometimes signatures based on some checksum algorithm, but as I can understand that post, looks like you're saying *all* Avira's signatures are based on MD5
     
    Last edited: Jul 12, 2008
  7. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Actually, that is a common approach these days. Add static detection until a generic detection is released. Well, unless you are one of those who think that it is better to have no detection rather than a "flawed" one.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Don't you see such "messages" regularly?

    I was looking at some malware recently that had some nice references to a certain AV company in it...something a bit too nasty to post here :)
     
  9. ink

    ink Registered Member

    I think they are unhappy with the way you dealt with them, you kick their left ass when they supposed you should kick their right one.
     
  10. Macstorm

    Macstorm Registered Member

    Stefan, please check my PM.
     
  11. C.S.J

    C.S.J Massive Poster

    Yep, I must be one of these...

    I'd love to see the computer's files after Avira attempts to rid the computer of this nicely detected threat.
     
  12. pykko

    pykko Registered Member

    Virus writers start to fear Avira because it causes them troubles in coding the malware. :p
    That's a good job for Avira's heuristics. :)
     
  13. Don johnson

    Don johnson Registered Member

    I can receive many new variants of zlob every day; Avira and other AV vendors can't detect them. Bypassing Avira's heuristic is not a difficult thing.
     
  14. Someone

    Someone Registered Member

    Hi

    Your PM? Not Stefan's PM? Is he supposed to hack into your account or something? :eek: :D :argh:

    Thanks
     
  15. EraserHW

    EraserHW Malware Expert

    Everything can be bypassed, can't it? What's then?

    If you focus your studies on a technology trying to bypass it you'll find out almost always a way to bypass it.

    But if someone focuses his studies on a technology with the goal to bypass it, then it should mean that technology does its job quite well.
     
  16. lodore

    lodore Registered Member

    Then again, why would someone want to bypass Avira when they could bypass bigger companies' AVs, which have a bigger market share?
    Most people find exploits in Windows because so many people use it.
    That's why so far not many people try to hack OSX and Linux.
    Yes, OSX is hackable, but it's not worth it atm.
     
  17. EraserHW

    EraserHW Malware Expert

    Who said they haven't already done it? :)
     
  18. lodore

    lodore Registered Member

    very possible.
     
  19. pykko

    pykko Registered Member

    that is Zbot not Zlob.
     
  20. Ozis

    Ozis Registered Member

    I was infected 2 days ago with Zbot. It was called AntiSpyCheck, and I think there was a rootkit in the file also, but ohh, it was so hard for me to remove from my PC.
    The network did not work and everything went so slow.
    I use Avira AntiVir Premium.
     
  21. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Avira is right at the top of efficacious AVs, and while nothing is 100%, it is as good as current technologies permit. Until something better comes along- I'll stick with Avira. :thumb:
     
  22. subset

    subset Registered Member

    Do you use only an AV to protect your PC?
    If so, what's the repeat cycle for your infections?

    Cheers
     
  23. Macstorm

    Macstorm Registered Member

    Not really :rolleyes:
     
  24. Arup

    Arup Guest


    So will I........:thumb:
     
  25. Boost

    Boost Registered Member


    I've used Avira since version 6 and here I am using the free version 8, so yeah, until somethin better comes along, it be stayin on for the ride :D
     