Printed from www.pcpro.co.uk
Online scanners help virus writers, claims Kaspersky
Posted on 21 Dec 2007 at 10:02
Online virus scanners can actually help malware writers, according to leading security firm Kaspersky.
Sites such as VirusTotal and VirusScan allow users to check suspicious files against multiple antivirus databases.
However, Kaspersky claims the services have become a Frankenstein's Monster, with virus writers using them to check the effectiveness of their malware. "They quickly caught on to the fact that services like the ones mentioned above could be used to test how well their creations can evade popular antivirus solutions," the company claims on its VirusList blog. "If a new Trojan or worm can be detected by an antivirus, the author will deliberately modify it until it isn't detected any more.
"The result? The heuristics used in the vast majority of antivirus products are helpless when confronted by such carefully prepared malicious programs."
Kaspesrsky claims the online scanners do have their advantages. "By default, VirusScan, VirusTotal and other services send all suspicious files to antivirus companies. If a file is detected by, say, 10 antivirus products, and the other 22 don't detect it, the file will be sent to the 22 relevant virus labs for analysis and to be added to the antivirus database.
"This significantly reduces the time taken by antivirus companies to react during epidemics and also increases the overall detection rate," Kaspersky claims.
However, even this has its flipside. "If the user doesn't want a file to be sent to the antivirus company, then s/he has to disable this option when scanning the file," says Kaspersky.
"However, there's a rumour in virus writing circles that all files are sent to virus labs, regardless of whether or not the option is enabled.
"Cyber criminals are now offering a solution for the tin-foil hat brigade - similar services designed expressly for virus writers. You have to pay to use the service, but there's a guarantee that no file will be sent to an antivirus company."
Kaspersky says it hopes such sites will eventually be shut down.
Author: Barry Collins
advertisement
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
