ajö antivirus

Discussion in 'other anti-virus software' started by ajo, Jan 14, 2010.

Thread Status:
Not open for further replies.
  1. ajo

    ajo Registered Member

    Joined:
    Jan 14, 2010
    Posts:
    3
    I just recently managed to see this thread: https://www.wilderssecurity.com/showthread.php?t=245834

    ... and couldn't resist commenting on that (even if it's old) since it's my own project.


    The site is currently down but will be brought up again in some way or another at some point. If anyone is interested in trying it out, I can get the site up again in no time.

    ajö has nothing to do with garlic - it's Swedish and means "goodbye".

    The software in itself uses some pretty neat tricks to detect stuff like FuTo from userland. In the latest version there's also a kernel module using novel tricks to detect hidden processes.
    All this is to help experienced users detect malware that AV doesn't find in general.

    The autostart listing is quite extensive, usually containing around 300 entries.

    There's also a part that looks for known trojans, in the latest database it detects all versions of Bifrost, C-One, Poison Ivy, Nuclear RAT and Bandook. Even if they are hidden by their integrated rootkits, or modified by any executable scrambler etc. in any way.
    So it's not very many but it's quite easy to add more targets if given a sample.

    All this is done in an unhookable fashion, with no possible way to hook things in userland that ajö can't find - except specialized and direct attacks written specifically for ajö (big chance, with the current market..! :rolleyes: ). As previously stated, it also detects "advanced" kernel rootkit stuff like FuTo from userland.

    I've had thoughts about open-sourcing the code, if there's any interest in that. It's written completely in C.
     
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    "Waiting on tests." :blink:
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Welcome again to this jungle :)
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Fajo . . . Ajo
    Sound familiar :ninja:

    New projects are always welcome here :D
     
  5. red_dolphin

    red_dolphin Registered Member

    Joined:
    Oct 19, 2009
    Posts:
    9
    Hi ajö,

    Where can I grab a copy of your work?
     
  6. ajo

    ajo Registered Member

    Joined:
    Jan 14, 2010
    Posts:
    3
    Currently the site is down, but I'll upload it again tomorrow to a new location, since there obviously is some interest in it.

    I'll keep you posted.
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    A one-man project ?

    Maybe you shouldn't call it an AV ?

    Unless you are able to get the signatures to catch over 95 % of malware.
     
  8. ajo

    ajo Registered Member

    Joined:
    Jan 14, 2010
    Posts:
    3
    Hehe... Well, considering that the tags on Bifrost/Bifrose can detect close to 100% (estimated) of the Bifrose.BX (or so) variants of it, you tell me!

    It doesn't use the utterly flawed file scanning techniques most of today's AVs rely on. But on the other hand it WAS a one-man project, and in its current state most of all a tool to help advanced users detect oddities. It doesn't even remove the malware - that's for the user to do. You get the file location though.

    FYI I've got another AV working which is much more of a "real AV" (tm), using even more exotic techniques. The only thing left there is fixing the automated malware analysis tool. But it's been left behind due to other projects and uni.

    But let's put a vapourware label on that for now...
     
  9. Templar

    Templar Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    114
    Well, it sounds very interesting, and your work in general. Ajo, have you got a web page?
     