New Variant of Zeus Trojaner

Discussion in 'Prevx Releases' started by freeman76, Jul 1, 2011.

Thread Status:
Not open for further replies.
  1. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    Last edited by a moderator: Jul 1, 2011
  2. guest

    guest Guest

    And I always thought links to VT were forbidden here? ;) - Though I never understood the reason for that rule and thanks btw also for posting your warning. - But I have to say from my long time observations that Prevx results on VT are often different from what you would have seen on your own system (where Prevx is actually running). So you probably can't derive from that VT scan result that Prevx would not detect this bad thing while running on your system. - Or did you test this locally? Then this would be bad news indeed. ;)
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I have to agree with guest on this as I test allot of malware and I know that Prevx detects them but does not show up on VT for what ever reason! Also we were told that VT does not use the full version of Prevx 3.0 it's some type of commandline scanner! PrevxHelp can fill us in again!

    TH
     
  4. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    Sorry for the VT link :-(.
    From e.g. heise.de was reported by Zeus, there was the VT link, since a large part of the virus scanner does not recognize Zeus. I was just surprised that Prevx has not even recognized. I know that strength lies in the recognition of Prevx when you run the programs, but was also of the opinion that the normal scan also detects viruses, or at least very recent. I will now scan the attachement on my testmachine with prevx full.
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We will certainly add detection if it is missing but indeed the VT results don't accurately reflect what Prevx or any of the products actually detect. The engines on VT are very different than what the consumer versions run and consequently have different detection results.

    Additionally, with Zeus in particular, we could intentionally remove every database rule which detects it and all of our users would still be fully protected as SafeOnline works generically to prevent it.

    Hope that helps! :)
     
  7. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    there are so many zeus and other variants every day you will find often variants not detected by companys. this zeus from the bsi article is nothing new, its only a new spam campaign not more.
     
  8. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    Thank you very much for the answers!

    @markusg
    No, it is a new type of zeus with an integrated download for further components.
     
  9. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    no, this is not new, often we can find zeus variants downloading other malware. for exsample fake avs, to get as much money from the user as posible.
    we also can see this with tdss for exsample
    perhaps im wrong, so somebody from prevx will korekt my :)
     
Thread Status:
Not open for further replies.