Shame on you, ESET! Viking, Hipak.A, and Fujacks

Discussion in 'ESET Smart Security' started by X3ro, Jan 13, 2008.

Thread Status:
Not open for further replies.
  1. X3ro

    X3ro Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    69
    Location:
    Omsk, Russia
    Hipak.A - a trojan appeared around 07.01.2008 in our local network (more than 1600 PCs) and nod32 2.7, ESS didn't see it and therefore didn't heal it... Many people lost a big amount of their files and photos. I sent an archive to ESET on 9.jan (I am not a customer, but liked this product) and nothing happened until yesterday.

    Shame shame.... virustotal said that only 4 Antiviruses didn't see the Hipak (somewhere the name is Viking, Fujacks (again :mad: )) - and NOD32 was in that list.

    I thought ESET's products catch all viruses in the wild - here's an example of a WILD threat.... IMHO the responsibility was very very slow

    PS. And I'm the only man now in the local network that offers to go back to ESET's products. Prove I'm right!
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I have tracked down all samples between Jan 8 and Jan 10, but could not find one mentioning that name. Could you please pm me details about the email, such as the sender's email address and the subject? Could you please resend it to support[at]eset.com? We'll check it and add detection if it actually turns out to be a real functional threat.

    I'm quite sure it's not in-the-wild, as such samples are dealt with with the utmost priority. Encountering a threat that is not detected doesn't make it ITW.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hipak has been detected as of version 2785 (Jan 11, 0:cool:, the sample we've just received is detected as well.

    1. 2785
    (Threat Center/Database Updates)
    Win32/Adware.AVSystemCare (3), Win32/Adware.DriveCleaner (4), Win32/Adware.WinPCDoctor (2), Win32/Hipak, Win32/Spy.Agent.PZ
     
  4. X3ro

    X3ro Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    69
    Location:
    Omsk, Russia
    I've sent another message to support today (on 15.01 CET) with subject "Hipak (pass=1) kills both nod32krn nod32kui on 2.x and ESS versions"

    The subject is right - it really kills both processes!! the kernel and the GUI

    PS. Here in Russia there are talks that some of the AV vendors in Russia made a special variant of the threat (the one in the archive) that cannot be recognized by NOD32 and ESS... Maybe because ESET won the BIG tender in Russia for equipping most government structures (over 60000 licenses so, Kasp.... loses and becomes very very angry!)
     
  5. X3ro

    X3ro Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    69
    Location:
    Omsk, Russia
    I mean the virus was detected by other AVs on 10.01 well (no screenshot, it's a pity).... so, in the period 6-11jan we were unprotected... try older database (for example dated 7th jan)

    ..and the very bad thing is that it killed the AV kernel and GUI!!!
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just out of curiosity, so what does, then?
     
  7. X3ro

    X3ro Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    69
    Location:
    Omsk, Russia
    You can check when I mailed ESET (e-mail: _apj(at)mail(dot)ru)
     
  8. crummock

    crummock Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    198
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I was afraid of that.

    According to that very interesting definition, all ad/spyware, trojans and worms aren't ItW viruses at all.

    Even worse, the definition of "actively spreading" is: reported by at least two WildList reporters. Which, I guess, explains the almost non-existent reaction to customer submissions, since we don't wear the shiny WildList Reporter badges.
     
  10. crummock

    crummock Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    198
    I could be wrong but it feels like another marketing thing.

    We are told that a particular piece of software has 100% success with 'In the Wild' viruses and I guess I assumed that meant viruses spreading around in the wild.

    What it seems we have missed is that 'In the Wild' actually is a term used to mean listed on a particular organisation's lists.

    Whether I am the only one to have missed this "marketing" point and whether it makes any difference to how effective Eset products are is I guess down to individual opinion.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    http://www.sunbelt-software.com/ihs/alex/vb_2007_wildlist_presentation.ppt
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Less that and more simply a reflection of the reality at the time it was created. The wildlist dates from a period in which new threat emergence was quite modest (by current standards) and the velocity of spread was quite a bit lower than it is today.

    The Wildlist remains a useful metric since it possesses some standardized attributes. However, it's certainly not a comprehensive list of all malware actively circulating on the Internet at any point in time, nor is it necessarily representative of the most common circulating threats.

    The presentation mentioned above by solcroft pretty much says it all.

    Blue
     
  13. crummock

    crummock Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    198
    Fully understood and accepted.

    I guess that I, and maybe one or two other people, have not adequately researched what was behind the headline statements regarding how good a product is at detecting 'In The Wild' malware.

    I'm not suggesting that it automatically means ESS is a bad product and I'm certainly not suggesting that any false claims have been made. Simply that, as with many products, marketing material (inc. websites) often expresses things in a way that requires more research to fully understand the facts than at first seems necessary.
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Absolutely!

    On the flip side, depending on your perspective and the specific situation, "failure" to obtain a VB100 pass rating may or may not be an issue. VB100 ratings are useful via the standardized and well defined metrics required to obtain a passing rating and represent only one performance dimension of a multidimensional situation.

    Blue
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    None of the anti-viruses can catch all the malware in the wild. You should read fewer computer magazines.
     
  16. ASpace

    ASpace Guest


    :D :D :D :D :D

    :thumb: :thumb: :thumb:
     
  17. crummock

    crummock Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    198
    In Eset's case 'in the wild' means that it will catch everything on the list of things that were widely known about by AV companies including Eset several months ago.
     
  18. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    You should also consider when reading those magazines that these are people testing people's products against people's viruses, so therefore, no people's product can realistically show and catch people's viruses in the wild because these magazine people can't get all the "in the wild" viruses and these people's viruses have a low chance of infecting you.

    P.S. Sorry if I confused you.
     
  19. Spool

    Spool Registered Member

    Joined:
    Jan 22, 2008
    Posts:
    8
    co-operator LK DVI compose test behalf tomtit http://virusinfo.info/showthread.php?t=16154

    А also co-operator human beings - co-operator LК affair test against anti malware ru ,

    I am convinced viruses writes Kaspersky, is convinced on 99.9 %! :thumbd: :)
    Kaspersky-it simply mafia - They malicious and bad, offend me:'(





    ThreatSense®Vitalik
     
    Last edited: Jan 28, 2008