Rogue AV count ?

Discussion in 'other anti-virus software' started by CloneRanger, Apr 14, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I've lost count of ALL the rogues that have been released. I know it must be in the hundreds by now. I guess it'll be thousands before too long, with NO end in sight :(

    Anybody know a link that has a full list count ?
     
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    IBK

    Thanks :thumb:

    Fresh today Wednesday, April 14, 2010

    The Rise of Fake Anti-Virus

    11,000 domains involved in Fake AV distribution :eek:

    I don't think it means 11,000 unique fake AVs. If you find out how many actual rogues there have been, please let us know :)

    Are you going to San Jose, woh woh, woh woh woh ;) on April 27th ?
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think Kaspersky with application control and everything listed as other applications as untrusted, may be the only other way to stop this stuff without being sandboxed. I saw the YouTube video and it does work.
     
  5. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    FYI, setting it to prompt when low/high restricted applications are executed helps with usability and makes it easier to add to Trusted ;)
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    No sir, Prompt requires user intervention and thus, the crux of the problem. ;)
     
  7. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Kaspersky had 318 families of rogues in its database on 13th November 2009.

    Source: http://www.securelist.com/en/analysis/204792090/Rogue_antivirus_a_growing_problem

    Ahh, different needs I guess. Good thing its flexibility allows it to serve everyone's requirements - block control (your case), maximise control (my case)!
     
    Last edited: Apr 15, 2010
  8. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Hmmm... maybe %APPDATA%\*, %PROGRAMFILES%\* and even %TEMP%\* should be considered for adding to HIPS to defend properly against rogues (or their traces if nothing else).
     
  9. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    What do you mean?
     
  10. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Some of the rogue appz like to install themselves like "normal" appz in the folders from the above post, and thus HIPS should extend its scope to those folders also, to be able to defend the system from malicious junk.
     
  11. Stormside

    Stormside Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    1
  12. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
  13. NickHSunbelt

    NickHSunbelt Support Specialist

    Joined:
    Apr 13, 2009
    Posts:
    177
    Location:
    Clearwater, Florida
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Guys

    Thanks for all the links :thumb: Multiple new rogues/variants almost every day :(

    Still interested in finding a full count though, if there is one ?
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
  16. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    HIPS protect generally on a per-application basis. Also, if you mean prompting for all applications which try to add a file to Temp or within the Program Files directories, that is far from user-friendly and counter-productive IMO.
     