Zbot authors just love Avira?

Discussion in 'other anti-virus software' started by Stefan Kurtzhals, Jul 8, 2008.

Thread Status:
Not open for further replies.
  1. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    A few of the recent variants have a string in the header:

    "Hello stupid developers of the Avira Antvir. You can use this string as signature of this PE =). RZSD"

    Seems somebody got upset.
     
  2. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    On the next variant you'll find a cyber-posy in the resource section
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    hmm.. I wonder where those 'greetings' come from :shifty:
     
  4. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    That's exactly what AVIRA is doing, churning out sigs that only work on one MD5. That is not sustainable.
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    That's so not true... Same signature clearly covers files of different sizes and structures. Not to mention generic signatures ending with ".gen"...
     
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I think Stefan won't be so happy to read this :D

    btw: what proofs do you show all to support your sentence? :) There should be really good proofs to prove this, even because if it's true then you should even explain why Avira is scoring well against file infectors or against malware using polymorphic cryptors :)

    Edit:

    just an addition, to better explain what I mean: it can be possible to use sometimes signatures based on some checksum algorithm, but as I can understand that post, looks like you're saying *all* Avira's signatures are based on MD5
     
    Last edited: Jul 12, 2008
  7. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Actually, that is a common approach these days. Add static detection until a generic detection is released. Well, unless you are one of those who think that it is better to have no detection rather than a "flawed" one.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Don't you see such "messages" regularly?

    I was looking at some malware recently that had some nice references to a certain AV company in it...something a bit too nasty to post here :)
     
  9. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    I think they are unhappy with the way you dealt with them, you kick their left ass when they supposed you should kick their right one.
     
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Stefan, please check my PM.
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Yep, I must be one of these...

    I'd love to see the computer's files, after Avira attempts to rid the computer of this nicely detected threat.
     
  12. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Virus writers start to fear Avira because it causes them troubles in coding the malware. :p
    That's a good job for Avira's heuristics. :)
     
  13. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    I can receive many new variants of zlob every day, Avira and other AV vendors can't detect them. Bypassing Avira's heuristic is not a difficult thing.
     
  14. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Your PM? Not Stefan's PM? Is he supposed to hack into your account or something? :eek: :D :argh:

    Thanks
     
  15. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Everything can be bypassed, can't it? What's then?

    If you focus your studies on a technology trying to bypass it you'll find out almost always a way to bypass it.

    But if someone focuses his studies on a technology with the goal to bypass it, then it should mean that technology does its job quite well.
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Then again, why would someone want to bypass Avira when they could bypass bigger companies' AVs which have a bigger market share?
    Most people find exploits in Windows because so many people use it.
    That's why so far not many people try to hack OSX and Linux.
    Yes, OSX is hackable but it's not worth it atm.
     
  17. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Who said they haven't already done it? :)
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    very possible.
     
  19. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    that is Zbot not Zlob.
     
  20. Ozis

    Ozis Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    1
    I was infected 2 days ago with Zbot, it was called AntiSpyCheck, and I think there was a rootkit in the file also, but ohh it was so hard for me to remove from my PC.
    The network did not work and everything went so slow.
    I use Avira AntiVir Premium.
     
  21. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Avira is right at the top of efficacious AVs, and while nothing is 100%, it is as good as current technologies permit. Until something better comes along- I'll stick with Avira. :thumb:
     
  22. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Do you use only an AV to protect your PC?
    If so, what's the repeat cycle for your infections?

    Cheers
     
  23. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Not really :rolleyes:
     
  24. Arup

    Arup Guest


    So will I........:thumb:
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293

    I've used Avira since version 6 and here I am using the free version 8, so yeah, until somethin better comes along, it be stayin on for the ride :D
     