Rustock C no longer a myth, no longer a threat

Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.

Thread Status:
Not open for further replies.
  1. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Their forum, their call.
     
  2. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Ok, see what people write below:
    Is it clear now? You may conclude yourself who are those respective labs.
     
  3. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    A user asked a question, and someone gave an answer. It is a support forum, so it's right to close the thread.
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    so what if kaspersky misses the threat, so do many others.

    People are forcussing on detection too much, as expected I suppose.

    The impressive part for me, is that it already cures it successfully.

    :thumb:
     
  5. Wordmonger

    Wordmonger Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    4
    Nope. likuidkewl's position about his sample is clear (still posting an MD5 wouldn't hurt in my opinion). Yours is not.
     
  6. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    No...it is closed because people were starting to argue with each other about trivial things instead of focussing on the topic, and in any case I doubt anyone had anything else constructive to add to that topic. Watch your own back yard and we will watch ours. :thumb:
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    can you tell us at least if Avira and BitDefender were among those 9 ? :)
    Thank you!
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ;) would that answer your question. At least for the first mentioned.
     
  9. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    All AV vendors with an association at a certain website, which will not be named for undo attention reasons, receive these files on a daily/weekly/monthly basis. Yes, Dr. Spin is included. No worries on that front.

    I am not going to fuel the fire here anymore ;)

    With that said, I will also not be stating who detected the dropper and who didn't. There is no point, each vendor has many avenues to obtain this information and as such should be able to add detection as deemed necessary.

    As a side note: Please understand that my statements are of the DROPPER and not the actual ROOTKIT itself. I have no desire to install windows just to get a rootkit and come here to say A,B,C detect it but D blew my system away trying to. The only reason I chimed in on this was because of the approach taken.
     
  10. gates

    gates Registered Member

    Joined:
    Sep 2, 2005
    Posts:
    59
    If Dr.web attempts to sell more licenses releasing announcement about Rustock - then JOB WELL DONE ;)

    and somebody dare to say that they are poor at marketing. :D

    However still waiting how fast competitors can find way to cure.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Can u tell us which areas/ regions of the world are maximally infected?

    Thanks
     
  12. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    It seems some people are still stuck in the 90's where detecting 1 additional virus variant/family was a serious advantage over the competitor.

    It also seems that those people haven't noticed that there are several thousand new and undetected samples every day. Maybe they should have a look at the recent Zbots, Pandex, Tibs, Zlobs, Vundos and such.
    What about the java script exploits embedded in PDF? They are still undetected by many, especially the most recent variation.
    While it is very exciting to analyse a polymorphic infecting rootkit it seems to be too difficult to unpack a zlib stream from PDF documents and write a simple generic for a java script exploit. Not enough glory involved or what?

    The funny (or not so funny) thing is: those malicious PDF files are used for targeted attacks, espionage and so on - and are very much an ITW problem right now! Seems like someone screwed up priorities by focusing on malware that is over 6 months old. I agree, it is not a trivial task to write a cure for the Rustock.C's, congrats! - but how many other detections could you have finished in the time needed for handling ONE variant of Rustock? 1 vs 1000?
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    avira does not have infected users?

    ......... now what?

    i dont think its a bad thing for drweb to work and Succeed at curing many different files, why all the negative comments?
     
    Last edited: May 9, 2008
  14. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Well, the way I see it, there's different kinds of "glory". One of those kinds are as you mention: conquering the challenge of cleaning a complex rootkit, or successfully developing new, advanced emulators, and so on and so forth. Another kind is the glory of resorting to any means necessary just to earn a shiny 99.9% detection rate award in antivirus tests, despite the fact that the crude technologies behind that detection rate were tuned blindly for detection first whatever the cost and adjusted to remove FPs later, that improvements to the engine consist mostly of fixing the numerous FPs, and that it comes with a whitelist that is probably more extensive than the signature databases of some vendors. Different kinds of glory.

    But I also think that the diversity of the antivirus industry is its greatest strength. If every vendor employed the one identical, "most effective" approach, they will all get wiped out in one fell swoop when that approach fails, as it invariably always will. Overspecialize, and you only breed weakness. The fact remains that the industry needs vendors who dedicate resources to developing sophisticated emulators, generic detection algorithms and complex cleaning routines for stubborn malware, just as much as it needs vendors who spend a few seconds to update their packer detections for a new threat, and then move on and forget all about it.

    So why not let's not get too uppity about it all?
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    :thumb:

    yes solcroft, its a real :thumb:

    lol
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Well said Solcroft!
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Very Well said Solfcroft.:thumb:
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Nobody cared about but I said long while ago that PDF is a huge security problem,
    now we have the prove! Well explained! I watched the pdf disaster for a while, Adobe the big risk as well as java script.
     
    Last edited: May 13, 2008
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Rustock C was a challenge and DR.Web people took the chellenge. That,s the glory. :thumb: :thumb:
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    This is why I am really starting to dislike AV vendors. You read this and for a dang idiot like me you ask yourself, who is right and who is wrong. I re-read this whole thread and still dont know the answer. It is ridiculous.

    Tidy here I come. As I said I need some simplification in my life.:doubt:
     
  21. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Hm, probably you don´t like to look under the ground. They have good connection to rus.malware developpers, imo.
     
    Last edited: May 10, 2008
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    If it was the case, why it took such a long time?
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Difficult question probably it has something to do with schizophrenic states of individuals and disputes? People tends to be moody that could be one way to explain it, but surely there are lots of other things...
    ..but you can be 100% sure good and bad are not so far away from each other.. especially in it security
     
    Last edited: May 9, 2008
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    May be yes, may be not!! Who knows!! :rolleyes:
     
  25. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    Yet more trash from yet another that was once respected.

    After a full examination and conclusion,when are you folks gonna rant and rave over something that I actually CAN NOT find with no tools whatsoever.

    Instead of all this trash,show me something I cant find and I will STFU forever.

    Sissy pranks and Childish actions will only leave us all further behind the game while the game itself continues and grows stronger.

    For those directly involved...I must say..mission complete..you have succeeded yet again in complete seperation of a unity which was never built.

    You folks know where im at,come get me,I wait patiently to be impressed. :thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.