trojan overload + + +..

Discussion in 'malware problems & news' started by Longboard, Jun 18, 2006.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Just when you thought it was safe to go back in the water.

    From KMcA blog 13-6-06
    Keep that paranoia setting on high! :mad:

    Dump IE for good:
    As usual the rest is a good though alarming read.
    Even the usually irrepressible KMcA sounds stressed.
    Lbd
    Last edited: Jun 18, 2006
  2. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Some later info from Kevin today:

    "26,000 files, 8,000 variants and 435 new trojans in ONE WEEK"
  3. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    holy xxxx! :mad:

    Man, sandbox/virtualization for teh win! DefenseWall/BufferZone/GeSWall/Sandboxie/Tiny Firewall Professional/Deep Freeze/ShadowUser (Surfer)/First Defense ISR/Rollback Rx should be the first line of defense for any truly paranoid user. Many of them are totally free! See my sig :)

    I'm amazed signature-based anti-malware vendors haven't been overrun yet.
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I've sent dozens of samples to Kevin lately. His support has been excellent (almost always including the new samples within the next day). And I agree with his assessments: the situation these days is simply unbelievable; the number of trojans that are being thrown out every day is astounding. The Zlob trojans are being produced at a rhythm that I didn't think was possible, and the methods of infection become more and more complex and automated. Their methods of infection, particularly when it comes to the CWS gangs, have gone from a simple HTML page with exploits to a method that includes complex "ever changing" JavaScript obfuscation routines clearly built from server-side scripts; server-side AND client-side "user agent" sniffing (with the specially crafted exploits being used as a result); constant automated "rotation" of the trojans so as to make it impossible to define a single download point; social engineering and semi-social engineering tactics; a great number of domains and an unbelievable number of subdomains to avoid "hosts" files; etc.

    Just yesterday I found a site actively throwing exploits, trojans and *rootkits* with files that were undetected by *any* AV/AT (see http://cut-thecrap.blogspot.com/2006/06/is-av-industry-failing.html... and yes, some find them now simply because I sent the samples).
    Last edited: Jun 18, 2006
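The subdomain point in the post above is worth seeing concretely. A hosts file maps exact hostnames, so every freshly minted subdomain in an attacker's rotation walks straight past it, whereas matching on the registrable domain catches the whole set. The following is an added illustration, not code from the thread or from any product named in it; the hostnames, the sample hosts file and the "rotation" list are constructed placeholders under a reserved .test TLD.

```python
"""Added example: exact-hostname blocking (hosts file) versus
domain-suffix blocking against a rotating set of subdomains.

Everything below is constructed for illustration; the domains are
placeholders, not real infection sites."""

# Constructed hosts-file block list. Only the two hostnames an admin
# has already seen are listed, which is all a hosts file can express.
HOSTS_FILE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 dl1.example-bad.test
0.0.0.0 dl2.example-bad.test   # seen on Monday
"""

# Constructed suffix block list: one registrable domain covers every
# subdomain the attacker rotates through.
SUFFIX_BLOCKLIST = {"example-bad.test"}

# Constructed "rotation": hostnames a malicious server might hand out
# in sequence. Only the first two appear in HOSTS_FILE.
ROTATION = [
    "dl1.example-bad.test",
    "dl2.example-bad.test",
    "x7q.example-bad.test",
    "a.b.c.example-bad.test",
    "EXAMPLE-BAD.TEST.",          # case and trailing dot must not matter
    "example-bad.test.other.test",  # unrelated domain, must NOT match
]


def normalize(hostname):
    """Lower-case and strip a trailing dot so comparisons are fair."""
    return hostname.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return the set of hostnames a hosts file sinkholes.

    Lines mapping a name to 0.0.0.0 or 127.0.0.1 count as blocked;
    'localhost' is skipped because that mapping is legitimate."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        if ip in ("0.0.0.0", "127.0.0.1"):
            for name in names:
                if name.lower() != "localhost":
                    blocked.add(normalize(name))
    return blocked


def hosts_blocks(blocked, hostname):
    """A hosts file only ever matches the exact hostname."""
    return normalize(hostname) in blocked


def suffix_blocks(suffixes, hostname):
    """Block if the hostname or any parent label chain is listed.

    'a.b.example-bad.test' is checked as itself, then 'b.example-bad.test',
    then 'example-bad.test', then 'test'. Substring matches such as
    'example-bad.test.other.test' do not qualify."""
    labels = normalize(hostname).split(".")
    return any(".".join(labels[i:]) in suffixes for i in range(len(labels)))


def compare(rotation, hosts_text=HOSTS_FILE, suffixes=SUFFIX_BLOCKLIST):
    """Map each hostname to (blocked_by_hosts_file, blocked_by_suffix)."""
    blocked = parse_hosts(hosts_text)
    return {h: (hosts_blocks(blocked, h), suffix_blocks(suffixes, h))
            for h in rotation}


if __name__ == "__main__":
    for host, (by_hosts, by_suffix) in compare(ROTATION).items():
        print(f"{host:32} hosts-file={by_hosts!s:5} suffix={by_suffix}")
```

Running it shows the hosts file stopping only the two hostnames already known, while the suffix rule stops every rotated subdomain and still leaves the unrelated `example-bad.test.other.test` alone. The same label-by-label walk is what a DNS-level block list or a proxy's domain rule does; that is the difference the post is pointing at when it says subdomain churn defeats hosts files.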