Discussion in 'NOD32 version 2 Forum' started by Bilby, Feb 18, 2005.
Sounds pretty nasty.
This is something that DiamondCS Process Guard will stop.
I use NOD32 and I'm quite happy with it, but I don't think any AV product stops that type of threat.
Root kits are nothing new to the *nix world - if you secure your machine, you can prevent the root kit infiltration - if your underlying operating system has more holes than a Swiss cheese, you're potentially in trouble...
If the lessons learned in the *nix world are applied to the 'doze platform, we might have half a chance of locking out the blighters - firewalls up is the first line of defense...
It might not be the same, as I think they are distributing the source of hacker defender, not a compiled binary - but on visiting both the source web site and its mirror, attempting to access the .rar files purporting to contain the hacker defender files and also its associated downloads yielded a red NOD32 terminate/quarantine option box - i.e., NOD32 found "Multiple infiltrations" in the .rar files I was attempting to download.
Either it means that the files were trojans in their own right pretending to be the hacker defender sources, or the folks at Eset are well on top of this game at the moment.
I tried to download the zipped exe to a virtual space and IMON caught it immediately. Like you said, I'm not sure if it was what the file contained or if it was an attempted direct infiltration.
Thanks for the responses.