AVs fail Again
Lately I have seen many web downloads, some at forums and some at RapidShare and also a few torrents such as “Adobe Acrobat 9”, that include an installation and a crack.
The installation or crack is in a password-protected RAR file; in order to get the password, one must run the supplied tool called “XXX Password Generator”.
This installs another variant of AntiVirus 2008. I can truly say I can’t tell anymore if it comes from the same guys. OK, of course it’s them, but there is just no way they have got so much manpower to write so many completely different versions!!!
Here are the websites it pops up to purchase from:
Installs executables at:
which is today detected by 24 of 36 AV vendors
This virus adds a scary DANGER! iframe to your desktop.htt. Who would remove this for you?
It installed some DLLs and executables which are well known to AVs:
There is also another variant I found called “AntiMalwareGuard_Free.exe”, packed with PECompact 2.xx. This is considered detected relative to the other variants: 19 of 36 AV vendors detect it.
So where is the problem???
The Trojan Downloader itself wasn’t detected by any vendor, and now, 2 months after I found it (which means the vendors got the samples from my VirusTotal file upload 2 months ago), it is detected by only 15 AV vendors!!!
Kaspersky! McAfee! TrendMicro! Panda! F-Secure! Fortinet! Where are you people?!?!?!?!
The malicious guys have no problem replacing the executables at the server side to avoid detection; they even have the manpower to write completely new ones.