Ultimate tool(s) against STUXNET & ZEUS?

Discussion in 'other anti-malware software' started by taytong888, Oct 5, 2010.

Thread Status:
Not open for further replies.
  1. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    138
    Any suggestion?
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    AntiExecutable software = Whitelisting and/or delete after session software like Returnil/Sandboxie etc.

    Anyway Stuxnet won't affect you, or anyone, unless you have a Nuclear operation in your back yard, running Siemens SCADA :D
     
  3. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    almost all up-to-date AVs can detect it..

    but Anti-Execution methods are probably the 'ultimate' against anything :D
    prevention is always the best ^^
     
    Last edited: Oct 5, 2010
  4. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    mwahahaha! :D
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    what about Geswall or Defensewall?

    i suppose those 2 would work as well, right?
     
  6. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    138
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    You could run the Stuxnet Removal Tool for a checkup.
     
  8. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    138
  9. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    A couple of days ago I saw MRG putting Stuxnet to the test against the AV/AM products included in their flash tests; IIRC all of them caught it. As for Zeus, well, you have to clarify if you need a removal tool or a blocking one. In the first scenario Hitman Pro will easily handle a Zeus infection; in the second scenario, most (up-to-date) AVs will catch it, but as has been mentioned already, an anti-exe app should keep you safe.
     
  10. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hello,

    I'm not so keen on believing in conspiracy theories but if, as some allege, the CIA/NSA/FBI might be behind the STUXNET worm, it's highly unlikely that AV companies [especially USA-based ones like Symantec/Norton or McAfee] will create a removal tool for Stuxnet.

    I still remember several years ago about Magic Lantern and McAfee and Norton not committing to detect this thing in order to cooperate with the Feds.

    Zeus would be another story since it is widely detected by many AV companies, since the very reason for its existence is to steal banking information from personal computers, whereas Stuxnet is apparently targeting Iran's nuclear facilities mainly.


    Regards,



    Carlos
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yep most AV's are hitting the main exe and rootkits but they don't seem to hit all the droppers even after uploading them to VT a coupla days ago??

    Maybe the undetected droppers aren't worth a siggy or not malicious but the Stuxnet Removal Tool flags them for removal?

    Submission date - 2010-10-02
    winsta.exe - 41/43
    mrxcls.sys - 42/43
    mrxnet.sys - 42/43
    oem7A.PNF - 7/43 - reuploaded today - 7/43
    oem6C.PNF - 1/42 - today - 1/43
    mdmeric3.PNF - 0/42 - today - 0/42
    mdmcpq3.PNF - 0/42 - today - 0/42

     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    RegRun:D :thumb:
     
  13. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Prevention is better than cure.
    Use Defensewall/Emsisoft Mamutu + WinPatrol PLUS + UAC/LUA/SRP combination with solid antivirus (no A vs B) for better protection against such threats.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    that's true:)
     
    Last edited: Oct 6, 2010
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    It comes down to :

    No Siemens SCADA = No Problem for Stuxnet

    Zemana for Zbot.

    Simple as that.

    (actually for Zbot not that simple- if the Bank that you have a credit card from has been compromised- like Bank of America- all your details are already in Kazakhstan. So you really don't have to worry about your personal computer security in this case).
     
    Last edited: Oct 6, 2010
  16. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    SpyEye with its kill Zeus functionality. :rolleyes:
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Brilliant :eek: Then get another nasty to clean Zeus :D Could be stuck in a loop like that forever ;)
     
  18. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    138