The Year in Review
As the year comes to a close … it appears that Trojan.Zlob/Codec remains the #1 threat. This is mainly due to the coordinated effort of the malware writers and the Rogue Anti-Spyware community …
While the detection rates have become better for the commercial Antivirus/Antispyware products, the “freeware” versions have failed to keep pace and are no longer recommended as a first line of defense …
The huge rise in the number of “Rogue Anti-Spyware products” really surprised me this year. Even exposing these fakes has done little to stem the tide … what I would like to see is all the “Mag” sites run several reviews on these bogus products and get the mainstream media involved in exposing all the parties involved.
So folks, remember it’s important to keep all your software updated, as the trend now is to attack the 3rd-party products because the malware writers are finding it harder and harder to attack Windows itself.
I’ll leave you with the following from August of this year …
“The most interesting part (for me) however was the “Defense Evaluation / Blacklisting” part. When applied on their dataset the very famous hosts file maintained by winhelp2002 blocked all infections, although it contained only a minority (12%) of the domains.” [source] (emphasis added)
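The blacklisting result quoted above (a hosts file that listed only 12% of the domains still stopped almost every infection) is easier to see with a small model: many unrelated landing pages funnel victims into the same few exploit and payload hosts, so blocking those few names breaks most chains. This is an added example, not code from this post or from the Honeynet paper; the hosts-file entries and redirect chains are constructed placeholders in the MVPS/winhelp2002 hosts-file layout.

```python
from urllib.parse import urlparse

# Constructed hosts-file excerpt in the MVPS layout ("0.0.0.0 host").
# The names are placeholders, not entries from the real list.
HOSTS_FILE = """\
# constructed sample, not the real hosts file
0.0.0.0 exploit-kit.example    # shared exploit server
0.0.0.0 payload-cdn.example    # shared payload download host
127.0.0.1 localhost
"""

# Constructed redirect chains, landing page first, payload host last.
CHAINS = [
    ["http://blog-a.example/post", "http://redir-1.example/go",
     "http://exploit-kit.example/x", "http://payload-cdn.example/codec.exe"],
    ["http://forum-b.example/t", "http://redir-1.example/go",
     "http://exploit-kit.example/x", "http://payload-cdn.example/codec.exe"],
    ["http://news-c.example/a", "http://redir-2.example/go",
     "http://exploit-kit.example/x", "http://payload-cdn.example/codec.exe"],
    ["http://video-d.example/v", "http://exploit-kit.example/x",
     "http://payload-cdn.example/codec.exe"],
    ["http://shop-e.example/s", "http://redir-2.example/go",
     "http://payload-cdn.example/codec.exe"],
    # Hosts the list has not caught up with yet: this chain still infects.
    ["http://wiki-f.example/w", "http://redir-3.example/go",
     "http://fresh-kit.example/x", "http://fresh-drop.example/codec.exe"],
]

def parse_hosts(text):
    """Return the hostnames a hosts file sinkholes to 0.0.0.0 or 127.0.0.1.
    '#' starts a comment. Matching is on the exact name: hosts files do not
    cover subdomains, so 'www.exploit-kit.example' would need its own line."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        blocked.update(n.lower() for n in fields[1:] if n.lower() != "localhost")
    return blocked

def chain_blocked(chain, blocked):
    """A chain is stopped as soon as any hop resolves to a sinkholed name."""
    return any(urlparse(url).hostname.lower() in blocked for url in chain)

def evaluate(chains, blocked):
    """Compare list coverage (share of hosts listed) with chains stopped."""
    hosts = {urlparse(u).hostname.lower() for chain in chains for u in chain}
    return {"hosts": len(hosts), "covered": len(hosts & blocked),
            "chains": len(chains),
            "stopped": sum(chain_blocked(c, blocked) for c in chains)}
```

Running `evaluate(CHAINS, parse_hosts(HOSTS_FILE))` reports 2 of 13 hosts covered but 5 of 6 chains stopped; the one that gets through uses hosts the list does not know yet, which is why the list still needs updating.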
3 Comments
December 31st, 2007 at 12:56 am
“what I would like to see is all the ‘Mag’ sites run several reviews on these bogus products and get the main-stream media involved in exposing all the parties involved.”
An excellent suggestion… Unfortunately, like most magazines, PC-related magazines seem to avoid reviews of stuff that they already know is bad. It would be nice to see someone like Neil Rubenking pick up the ball on this issue.
“While the detection rates have become better for the commercial Antivirus/Antispyware products, the “freeware” versions have failed to keep pace and are no longer recommended as a first-line of defense …”
That is certainly true for most of the freeware anti-spyware products. Having run thousands of samples of malware through VirusTotal, I’ve been impressed with the results from Avira (AntiVir). They’re often among the earliest to provide a defense against new stuff, even earlier than NOD32, which both of us use. Kaspersky seems to be consistently the fastest (along with F-Secure, which licenses Kaspersky’s definitions).
Among the “paid” software, Microsoft’s offering gets the most-improved award for the year. Of course, it had nowhere to go but up. Happy New Year!
December 31st, 2007 at 10:41 am
Just wanted to say thanks for all the great posts you’ve published this year. I found your site through a Google Alert for “Spyware” earlier this year and I’ve enjoyed reading the posts here since.
All the best for you and yours.
December 31st, 2007 at 9:48 pm
A minor nit is in order, but only after I say thank you for your work. 😉
http://www.honeynet.org/papers/mws/KYE-Malicious_Web_Servers.htm
“Does this mean that blacklisting is an ineffective method? In order to answer this question, we repeated our analysis of the 306 malicious URLs on a client honeypot that uses a DNS blackhole list, including the servers in the hosts file from http://www.mvps.org and the servers in the clearinghouse of stopbadware.org, and repeated our analysis. Considering that only 12% of the servers we identified as malicious were included in our blacklist, one would expect a remaining high number of malicious classifications by our client honeypot. Surprisingly, only one URL remained malicious. We conclude that blacklisting is indeed a very effective method to thwart these attacks.”
So that would be a combination of the hosts file and a list of malicious sites from stopbadware.org that was used, and it left 1 malicious link.
Thanks again and Happy New Year.