Rustock C no longer a myth, no longer a threat

Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.

Thread Status:
Not open for further replies.
  1. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Don't be sorry. You've just mixed up a warm thing with a soft one.
     
  2. Wordmonger

    Wordmonger Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    4
    Are you saying that since it was hard for DrWeb to find the samples it should not be too easy for the others either? If you could say it straight, I think I could accept it. :)
     
  3. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Last edited: May 9, 2008
  4. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    I see something in post no.20 at that forum...
     
  5. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    I see KIS 2009. What does it say about it? I can't speak or read Russian or whatever it is. Tell us please :blink:
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    here is the best I can do.

    sww
    Had nicely fun yesterday)

    Dear Alisa, without insults certainly, for wasm, you should understand, that our work demanded observance of the certain norms of behaviour of separately taken community:) And certainly the company the Doctor the Web and its PR to a department it is still far up to you with yours driver-equipped rootkits, gromozons, ends of Intronet and other firm delirium:)

    I certainly would explain to public from Kaspersky's laboratory why their antivirus is not capable to find out this rootkit any version, but I am afraid, nobody will estimate my outpourings and me after similar there and then will ban:) However against the last I do not object and right now as personally I with you already have nothing to do more:)

    Mike
    You not only have not spoiled a holiday, but also to put it mildly roughly being expressed you not in a theme, because have shown that that you posted is not Rustock.C, and only, by import, intermediate version A-B. And that the doctor it sees a web how many does not reproach merits of this antivirus and the collective, managed to unpack such powerful cryptor, as that that on Rustock.C;)

    All that hysterics that is observed now at forums of type virusinfo.info, wilderssecurity, rootkits pleases an eye.
    It is compelled to afflict those who now nervously bites elbows (smiling thus on public) and tries to give out everything, that there is for PR a course of laboratory Dr. Web helplessly rending the air, throwing one idiotic applications behind others. Certainly the share of PR is present at clause, but it is healthy PR, and it is looked where more fairly than Kaspersky's Laboratory so likes to stuff minds of the users. Without insults, simply ascertaining of the facts:) That that is visible in a broad gully online of the scanner anybody speaks that except for Dr. Web really does not detect this rootkit. Those two half-products which there have groped something spew false positives on many that else besides. In additives any of them is not capable (and hardly can sometime in the long term) something to make with this rootkit. I shall repeat for those who in the tank - any antivirus except for DrWeb at present time is not capable to find and neutralize this rootkit. Even the most paranoid products. Moreover I hasten to afflict fans of proactive protection and model hooking is more rigid - dropper of this rootkit perfectly bypasses such products as OSS 2008, KIS 2009, DW, SSM 2.4, starts rootkit and after that all possible struggle against it at these products comes to an end. More we did not test, because it was elementary too much bother:) to prevent unnecessary insinuations, I do not work on company Dr. Web.

    It is necessary to expect only occurrence of messages about authorship of the rootkit by Dr. Web. To enter with you polemic to me it is uninteresting, no less than to explain or prove to you something. I hope, that now when all have seen, about what we spoke in 2006, the anti-virus companies will find a little time and instead of senseless PR and shaking of air including here will add detecting and removal of this rootkit which represents where greater threat, than that you so like to scan on your arranged tests;)

    Here actually and a screenshot of the rootkit:) Search for the Lord and add detection instead of employment idle talk and measuring results in the paid and underpaid foolish marketing tests.




    --------------------

    Ring0 - the source of inspiration
    Ur to computer viruses!
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    translated, OK it's a bit stilted.

    Blue
     
  8. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    Thanks for the translation BlueZannetti and trjam :D

    The topic about this subject has been closed on the Kaspersky forum for some reason :gack:
     
  9. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    If it can bypass CFP(latest) on installation phase I will eat little finger on my foot :eek: , I tested many Costrats against CFP and no one bypassed it...
     
  10. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Remember SQL 386? Drive by download? Infected website? Leaky Browser?
    Lowest Level Phase? Full kernel level unhook?
     
  11. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    It was discussed and was slowly getting out of hand and off topic. Also, KL knows about it and OP's questions were answered.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Closed as KAV can't detect it, otherwise they might not close it. It's hard for anyone to publicly accept the facts. :rolleyes:
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    :D :D :D That is one problem of human nature. :D :D :D
     
  14. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    I don't think that "Kaspy" really "knows" it, detection lacks... and if we ask EP_X0FF, PD and HIPS of it doesn't understand it very well.
    edit: I'm not so fast
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If they accept they will not lose anything. Rather they will earn a respect of professionalism. But ....
     
  16. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    I have been following this thread for a bit and would like to simply state that we all may not agree with Dr. Spin, but that is their marketing department and if they feel they are justified great! I can say that I have access to a newer Rustock dropper and the detection is 9/31 @ VT(note this is meaningless). Dr.Spin is not one of the nine, so they have to rely on the actual infection detection(TM).


    Ps. No I will not give it to you! It has been submitted to the Vendors list and the respective labs will have at it soon.
     
    Last edited: May 9, 2008
  17. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Urmmmm... We know according to VT, it was not detected by Kaspersky. The link to VT is in the thread which showed Kaspersky didn't detect it and no attempt has been made to hide or obscure it.

    Kaspersky can accept the fact that it was not detected, or else the link would have been removed or hidden :)
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I don't expect them to be so much ...
     
  19. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    So Kaspersky will detect dropper only?
     
  20. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    As I mentioned there, even if it is true, it will be fixed as soon as I get a loader sample. So, if anyone has its loader, please PM me.
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    IMO, X detects the malware since dd.mm.yy while Y still does not detect it after xx.... brings us nowhere...
    It's clear that X invested time and resources into it while Y not. The same may apply (reversed) for other malware threads.

    So what?

    Fax
     
  22. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    I didn't say or imply in any way Kaspersky will detect it.
    Read my post again.

    I was just saying Kaspersky's forum is not attempting to hide the fact that at the time fatdcuk made the post, Kaspersky did not detect the sample which was uploaded to VT and that fact is not hidden and has not been obscured in any way in Kaspersky's forum (as some users thought this was the reason to why the thread was closed).
     
  23. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    The thread at Kaspersky Labs has been closed because a user called fatdcuk has given the right answer. The update will come soon. Why are you all getting against Kaspersky now that it doesn't detect a threat? Have you forgotten the days when YOUR antivirus didn't find something? All antiviruses will detect a few threats faster than others. And what about Dr.Web? Haha, aren't you showing off too much? Because of a single detection? Haven't you thought of what it misses before of what it finds?

    Anyway, since the sample has been spread, even if Kaspersky doesn't find it for a while, other anti rootkits will do it. And don't forget that after getting the samples, they have to figure out the correct way to CLEAN the rootkit out of the system file, because deleting it will cause the system to screw itself up.
     
  24. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    yep, it's not. they use Kaspie AV, you know. :p
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Since when do you close a thread for the correct answer? o_O
     