Top articles

  • KAV TEST Part 1

    12 June 2007 ( #KASPERSKY 6 TEST )

    FIRST PART, based on behaviour. NB: "Accès refusé" on the screenshots means "Access denied". 1) Execution protection: a) with the Task Manager launched via Ctrl+Alt+Del: F1/F2; b) with srip32 launched by explorer.exe: F1/F2; c) with shellcode running notepad.exe:...

  • KAV TEST Part 1 Next

    8 May 2007 ( #KASPERSKY 6 TEST )

    4) Registry protection: with Scoundrel Simulator (Run keys): P1/P2 (4/5); with RegTest1: P1/P2; with RegHide (hidden key called "can't touch me"): P1/P2. NB: KAV can prevent the installation of a hidden key but is not able to detect an already installed hidden key...
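
    The harness a tester would use for the Run-key checks above, as an added example that is not part of the original test posts: it snapshots the classic Run/RunOnce autostart values before and after running a sample and reports what was added, modified or removed. The sample path is hypothetical; run it only in an isolated VM, with administrator rights if HKLM is to be read.

    ```powershell
    # Added example, not code from the original KAV test posts.
    # Snapshot the Run/RunOnce autostart values, run a sample, and diff the two snapshots.

    $RunKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    function Get-RunKeySnapshot {
        # Returns a hashtable of "keypath\valuename" -> value data for every value under $RunKeys.
        $snap = @{}
        foreach ($key in $RunKeys) {
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $item = Get-Item -LiteralPath $key
            foreach ($name in $item.GetValueNames()) {
                # Prefix with the key path so the same value name under two hives stays distinct.
                $snap["$key\$name"] = [string]$item.GetValue($name)
            }
        }
        return $snap
    }

    function Compare-RunKeySnapshot {
        # Reports values that appeared, changed or disappeared between two snapshots.
        param([hashtable]$Before, [hashtable]$After)
        $changes = @()
        foreach ($k in $After.Keys) {
            if (-not $Before.ContainsKey($k)) {
                $changes += [pscustomobject]@{ Change = 'Added';    Entry = $k; Value = $After[$k] }
            } elseif ($Before[$k] -ne $After[$k]) {
                $changes += [pscustomobject]@{ Change = 'Modified'; Entry = $k; Value = $After[$k] }
            }
        }
        foreach ($k in $Before.Keys) {
            if (-not $After.ContainsKey($k)) {
                $changes += [pscustomobject]@{ Change = 'Removed';  Entry = $k; Value = $Before[$k] }
            }
        }
        return $changes
    }

    function Invoke-RunKeyTest {
        # Runs one sample synchronously between two snapshots and returns the diff.
        param([Parameter(Mandatory)][string]$SamplePath)
        $before = Get-RunKeySnapshot
        Start-Process -FilePath $SamplePath -Wait
        $after = Get-RunKeySnapshot
        return Compare-RunKeySnapshot -Before $before -After $after
    }

    # Usage (hypothetical sample path):
    # Invoke-RunKeyTest -SamplePath 'C:\samples\regtest1.exe' | Format-Table -AutoSize
    ```

    One caveat that matches the NB above: this script only sees what the Win32 registry API enumerates. A key created through the native API with a name the Win32 functions cannot open (the RegHide technique) will not appear in either snapshot, so an already installed hidden key has to be looked for with a tool that reads the hive through the native API or offline, not with this diff.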

  • KAV TEST PART 2

    8 May 2007 ( #KASPERSKY 6 TEST )

    PART 2: IN THE WILD WITH REAL MALWARE. 1) Protection during boot and before shutdown: a) keylogging protection with WinlogonHijack: P1/P2 (P2 screenshot: "accès refusé" = "access denied"); b) new program running at boot: keylogger, with Ardamax Keylogger....

  • KAV TEST Part 2 Next

    8 May 2007 ( #KASPERSKY 6 TEST )

    3) Malware protection: a) Trojans and backdoors: BasicBackdoor: P1/P2. KAV warns about a rundll32 integrity violation; this cannot really be considered an alert about suspicious or malicious activity. But even if the backdoor is not known to...

  • KAV TEST Part 3

    8 May 2007 ( #KASPERSKY 6 TEST )

    CLIENT/SERVER-SIDE ATTACKS and other tests: here we focus on attacks that occur via client applications (the browser, for instance) and that represent a possible attack vector in case of intrusion. NB: most of these tests were done during the summer of 2006,...

  • KAV TEST Part 3 Next and end

    8 May 2007 ( #KASPERSKY 6 TEST )

    7) Man-in-the-middle attack: a) locally with SSLSpoofer (R): P1/P2. A fake certificate is returned, but KAV is able to detect SSLSpoofer's connection on port 443 and the fake certificate. As displayed in the next image (referer), this communication...

  • KAV TEST PART 2 NEXT AND END

    8 May 2007 ( #KASPERSKY 6 TEST )

    b) Worms and viruses: Feebs: P1/P2. KAV detects the launch of the IE browser, which can be blocked, and detects the startup entry once mshta.exe is running. mshta.exe is not killed, but no harmful changes are made. AV detection: WormRays: P1/P2. Wormray...

  • WORMS, VIRUS and SCRIPTS

    30 April 2007 ( #KASPERSKY 6 TEST )

    Xorala: P1/P2. NB: KAV prevents the malware from becoming persistent, but not the creation of its files. Vulcano: P1/P2; VB Fun Love: P1/P2; IRC VBS: P1/P2; Autoworm: F1/P2; "Virus": P1/P2 (not known to Kaspersky Lab, uses keyboard hooks); Email worm...

  • Other MALWARES Part 13

    8 May 2007 ( #KASPERSKY 6 TEST )

    Most of these malware samples try to install themselves and are easily blocked by the "Trojan Generic" proactive alert. Some only open connections and are not blocked by the proactive module (F1 results). Unfortunately, most of the .jpg screenshots have been lost for most...

  • WORMS, VIRUSES AND SCRIPTS 3

    8 May 2007 ( #KASPERSKY 6 TEST )

    Worm Scanao: P1/P2; Worm Delf.bg (also known as Worm Cekar by Sophos): F1/P2. KAV self-defense: when the host is already infected, the PDM (Proactive Defense Module) detects suspicious behaviour, but it is too late (no prevention). Worm Locksky.au: P1/P2; Worm Jalabed.b: P1/P2...

  • OTHER MALWARES Part 12

    8 May 2007 ( #KASPERSKY 6 TEST )

    Backdoor Win32.WinRC: P1/P2; Trojan Spy Win32.VB.qq: P1/P2. The "Dialer" detections are false positives: we built a server that we call Yahoo Messenger, configured to kill the Windows firewall, Kaspersky Anti-Virus (avp.exe), etc. Trojan Spy Win32.VB.dd: P1/P2...

  • OTHER MALWARES Part 4

    8 May 2007 ( #KASPERSKY 6 TEST )

    Trojan Arduk: P1/P2; Trojan Dialer.ht: P1/P2; Backdoor PackBot.p: P1/P2; Bat virus: P1/P2; WMF trojan downloader variant: F1/P2; Trojan Nyxem: P1/P2; Backdoor Win32.VB.yh: P1/P2; Eagle Agent trojan: P1/P2. This trojan from China is not known to AV...

  • OTHER MALWARES Part 3

    8 May 2007 ( #KASPERSKY 6 TEST )

    Backdoor Oscar: P1/P2; Fearless KeySpy: P1/P2; Backdoor Seed: P1/P2; Code Injection Downloader: P1/P2; Iow A's Webdownloader: P1/P2; Bandook backdoor: P1/P2; Poly Downloader: P1/P2 (Trojan Generic); Web Devil proxy trojan: F1/P2. Active port...

  • OTHER MALWARES Part 2

    8 May 2007 ( #KASPERSKY 6 TEST )

    Armageddon trojan: F1/P2; IRC bot: P1/P2; fake codecs, Zlob and variants: P1/P2. KAV only prevents the malware from becoming persistent, not the download of rogue products. On a live system, this trojan is difficult for inexperienced users to remove ("rebirth...

  • OTHER MALWARES Part 6

    8 May 2007 ( #KASPERSKY 6 TEST )

    Poison Ivy RAT: P1/P2. In this example the server file (orishas.exe) is not detected by the scanner engine as malicious. MiniTunnel (a pure backdoor which does not install itself on the system but just acts as a server): F1/F2. False positives of 2 scanner...

  • WORMS, VIRUSES, and SCRIPTS 2

    8 May 2007 ( #KASPERSKY 6 TEST )

    Zhelatin worm: P1/P2; "Kav Virus": P1/P2. Here we just create a simple malicious script that we call "kav virus". P2P-Worm.Win32.Small.y: P1/P2; Worm.Win32.Agent.ak: P1/P2; IM-Worm Win32.VB.as: P1/P2. Scan for the first test ("fresh malware"): Scan for...

  • ROOTKIT TEST B Next

    8 May 2007 ( #KASPERSKY 6 TEST )

    16) Trojan Downloader Win32.Small.emg / SpamBot variant: we cannot reproduce a real-life situation for this test (the infection occurs via web sites), so we just run the files locally. Detection with Helios Lite and Spyware Process Detector (a clone of Security...

  • OTHER MALWARES Part 8

    8 May 2007 ( #KASPERSKY 6 TEST )

    Backdoor VB.aw: P1/P2; Dialer CapreDeam.p: P1/P2; MSNIPstealer: F1/F2 (only detected by Webwasher). NB: this is a hack tool designed to "steal" the IP addresses of MSN users; the "fail" results cannot really be considered important, since the goal was more to demonstrate...

  • OTHER MALWARES Part 9

    8 May 2007 ( #KASPERSKY 6 TEST )

    Trojan Spy QQPass.rq: P1/P2; Trojan Spy Bancos.tl: P1/P2; Trojan Spy Bancos.yt: P1/P2; Trojan Spy Banker.axc: P1/P2; Trojan Spy Banker.ccc: P1/P2; Trojan Spy PdPinch.gen: P1/P2; Trojan Spy Banbra: P1/P2; Backdoor Delf.ag: P1/P2; Backdoor Shadows (detected...

  • OTHER MALWARES Part 10

    8 May 2007 ( #KASPERSKY 6 TEST )

    Trojan Downloader Small.dam: P1/P2; Trojan Obfuscated.ev: P1/P2; Trojan Spy Lmir.bgk: P1/P2; Trojan Spy Mara.bo: P1/P2; Trojan Spy Small.bs: P1/P2. Here again system-process terminology is used: svchost is a generic host process associated with many services...

  • OTHER MALWARES Part 7

    8 May 2007 ( #KASPERSKY 6 TEST )

    In parts 7 and 8 we illustrate trojan spies and trojan bankers, a kind of Brazilian speciality... People who usually surf .br or .por domains should take a look at this site, where a helpful forum and a specific tool are dedicated to the eradication...

  • OTHER MALWARES Part 5

    8 May 2007 ( #KASPERSKY 6 TEST )

    Bdoor backdoor: P1/P2; Hanuman backdoor: F1/P2. This backdoor does not try to become persistent by writing the Run key (F1). HKShell backdoor: P1/P2; ICMPDoor backdoor: P1/P2. NB: ICMP is considered a "poor protocol", but it is certainly one of the most...

  • OTHER MALWARES Part 11

    8 May 2007 ( #KASPERSKY 6 TEST )

    Backdoor Aladino: P1/P2; Backdoor Clindestine.152.a: P1/P2 (Symantec? never heard of that...); Backdoor.Yuri (DrWeb and Panda have the more appropriate name): P1/P2. The "disable Task Manager" option chosen for the server is easily detected and blocked. Backdoor...

  • ROOTKIT TEST PART A

    20 May 2007 ( #KASPERSKY 6 TEST )

    Rootkit prevention and detection. A) Detection and prevention: for prevention (service/driver installation, physical memory access) see also Part 1 (behaviour tests). Here we use the Agony rootkit to hide a file, a registry key and an active process. We...

  • STEALTH KEYLOGGERS TEST

    27 May 2007 ( #KASPERSKY 6 TEST )

    C) Stealth keyloggers: here only detection is concerned, since these commercial programs need to be installed first with administrator privileges. Some keyloggers hide their own folders (not seen in the Program Files folder). The results are often: F1: fail...
