APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Are A/V vendors really this clueless?

© April 2015 Anthony Lawrence

According to "Botnet that enslaved 770,000 PCs worldwide comes crashing down", the "Simda" botnet was very stealthy because it "morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs."

Well, polymorphic viruses are nasty little beasts, so I suppose it's great that they did manage to finally control this. We can all breathe a little easier and sleep more soundly thanks to the truly brilliant efforts of A/V researchers.

But hold on a minute. According to that article:

The malware modified the HOSTS file Microsoft Windows machines use to map specific domain names to specific IP addresses. As a result, infected computers that attempted to visit addresses such as connect.facebook.net or google-analytics.com were surreptitiously diverted to servers under the control of the attackers. Often the booby-trapped HOSTS file remains even after the Simda backdoor has been removed.

What? You mean that A/V software never looks at the hosts file and never bothers to check its entries against a presumably trustworthy DNS server? For real? Such a basic and obvious check is not done?

Wow. That's disturbing.
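The check the post asks for is not hard to write. The script below is an added example, not code from the original post or from any A/V product: it parses a hosts file, skips the loopback and 0.0.0.0 entries that ad blockers legitimately use to sink a name, and flags every remaining entry whose address does not agree with what a trusted resolver returns for that name. The resolver is injected as a function so the audit can run offline; the hosts text, the 203.0.113.x / 198.51.100.x addresses and the "trusted" answers are all constructed for the example and use reserved documentation ranges, not real infrastructure.

```python
"""Audit a hosts file for hijacked public domain names (added example)."""
import ipaddress
import socket
from dataclasses import dataclass

# Constructed sample: the two Microsoft defaults, two entries of the
# kind the article describes, and an ad-blocker style blackhole entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    connect.facebook.net
203.0.113.45    google-analytics.com www.google-analytics.com
0.0.0.0         ads.example.net   # blackholed on purpose, not a hijack
"""

# Constructed answers standing in for a trusted resolver's view of the names.
TRUSTED_ANSWERS = {
    "connect.facebook.net": {"198.51.100.10"},
    "google-analytics.com": {"198.51.100.20"},
    "www.google-analytics.com": {"198.51.100.20"},
}


@dataclass
class Finding:
    line_no: int
    hostname: str
    hosts_ip: str
    resolver_ips: frozenset


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed line, skip it
        for name in fields[1:]:                    # one IP may carry several names
            yield line_no, ip, name.lower()


def is_blackhole(ip):
    """Loopback and 0.0.0.0/:: are how ad blockers sink a name; not a hijack."""
    return ip.is_loopback or ip.is_unspecified


def system_resolver(hostname):
    """Live lookup through the OS resolver; used only when nothing is injected."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def audit_hosts(text, resolver=system_resolver):
    """Return hosts entries that send a name to an address the resolver does not vouch for."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_blackhole(ip):
            continue
        answers = resolver(name)
        if str(ip) not in answers:
            findings.append(Finding(line_no, name, str(ip), frozenset(answers)))
    return findings


if __name__ == "__main__":
    offline = lambda host: TRUSTED_ANSWERS.get(host, set())
    for f in audit_hosts(SAMPLE_HOSTS, offline):
        print(f"line {f.line_no}: {f.hostname} -> {f.hosts_ip} "
              f"(resolver says {sorted(f.resolver_ips) or 'nothing'})")
```

Run against the sample it reports the three redirected names and stays quiet about the loopback and 0.0.0.0 lines. Two caveats a real product would have to handle: an entry for a name the resolver cannot answer at all (an intranet host, say) is flagged too, which is noise on a corporate machine and wants an allowlist; and a comparison against the system resolver proves nothing if the attacker also controls the DNS settings, so "presumably safe" should mean a resolver the scanner reaches independently of the machine's own configuration.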

Wed Apr 15 13:51:38 2015: 12662   Alexi


> What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server?

I wouldn't be surprised if some meddling busybodies in $MANAGEMENT decided, in a misguided attempt to improve benchmarking performance, to "deprioritize 'legacy' vectors" and instead focus on "the heuristic analysis of emergent trends".

Wed Apr 15 13:53:53 2015: 12663   TonyLawrence


I love the way you put that :)

