'Super' Malware. Is NOD effective against such?

Discussion in 'NOD32 version 2 Forum' started by Bilby, Feb 18, 2005.

Thread Status:
Not open for further replies.
  1. Bilby

    Bilby Guest

  2. DanL

    DanL Registered Member

    Joined:
    Nov 25, 2004
    Posts:
    159
    This is something that DiamondCS Process Guard will stop.
    I use NOD32 and I'm quite happy with it, but I don't think any AV product stops that type of threat.

    Dan
     
  3. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    root kits are nothing new to the *nix world - if you secure your machine, you can prevent the root kit infiltration - if your underlying operating system has more holes than a Swiss cheese, you're potentially in trouble...

    If the lessons learned in the *nix world are applied to the 'doze platform, we might have half a chance of locking out the blighters - firewalls up is the first line of defense...
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    it might not be the same, as I think they are distributing the source of hacker defender, not a compiled binary - but on visiting both the source web site and its mirror, attempting to access the .rar files purporting to contain the hacker defender files and also its associated downloads yielded a red NOD32 terminate/quarantine option box - i.e., NOD32 found "Multiple infiltrations" in the .rar files I was attempting to download.

    Either it means that the files were trojans in their own right pretending to be the hacker defender sources, or the folks at Eset are well on top of this game at the moment.


    hth

    GHL
     
  5. Bilby

    Bilby Guest

    I tried to download the zipped exe to a virtual space and IMON caught it immediately. Like you said, I'm not sure if it was what the file contained or if it was an attempted direct infiltration.

    Thanks for the responses.

    -Bilby
     