Enviar búsqueda
Cargar
Zeus and Antivirus
•
1 recomendación
•
517 vistas
S
Scientia Groups
Seguir
Tecnología
Denunciar
Compartir
Denunciar
Compartir
1 de 6
Descargar ahora
Descargar para leer sin conexión
Recomendados
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
Lumension
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojan
Cyphort
Why One Virus Engine is Not Enough
Why One Virus Engine is Not Enough
GFI Software
Virus and antivirus
Virus and antivirus
Prem Sahu
Preventing Known and Unknown Threats
Preventing Known and Unknown Threats
OPSWAT
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2
Scott Brown
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
OPSWAT
Antivirus
Antivirus
Pankaj Kumawat
Recomendados
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
Lumension
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojan
Cyphort
Why One Virus Engine is Not Enough
Why One Virus Engine is Not Enough
GFI Software
Virus and antivirus
Virus and antivirus
Prem Sahu
Preventing Known and Unknown Threats
Preventing Known and Unknown Threats
OPSWAT
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2
Scott Brown
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
OPSWAT
Antivirus
Antivirus
Pankaj Kumawat
Metascan Multi-scanning Technology
Metascan Multi-scanning Technology
OPSWAT
Computer virus 2
Computer virus 2
Nishant Reshwal
Modeling and Containment of Uniform Scanning Worms
Modeling and Containment of Uniform Scanning Worms
IOSR Journals
A generic virus scanner in c++
A generic virus scanner in c++
UltraUploader
Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021
Alexandre Rebert
Defense Innovation Summit
Defense Innovation Summit
OPSWAT
20111204 intro malware_livshits_lecture02
20111204 intro malware_livshits_lecture02
Computer Science Club
How Antivirus detects VIRUS
How Antivirus detects VIRUS
Satyam Sangal
Network virus detection & prevention
Network virus detection & prevention
Khaleel Assadi
Antivirus
Antivirus
ava & araf co.
Security Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating Systems
Cisco Canada
Ast 0052862 Sophos Stopping Fake Antivirus Wpna Sept11
Ast 0052862 Sophos Stopping Fake Antivirus Wpna Sept11
Josh Castellano
Antivirus update reaction times of major antivirus vendors
Antivirus update reaction times of major antivirus vendors
UltraUploader
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
UltraUploader
Ch03 Network and Computer Attacks
Ch03 Network and Computer Attacks
phanleson
Anti virus and current trends
Anti virus and current trends
Athena Catindig
Virus & Antivirus
Virus & Antivirus
Anirudh Kannan
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
Zbot/Zeus And Antivirus
Zbot/Zeus And Antivirus
Kim Jensen
Code Red Virus
Code Red Virus
mBlackwell
Code Red Virus
Code Red Virus
smithz
Code Red Worm
Code Red Worm
RaDe0N
Más contenido relacionado
La actualidad más candente
Metascan Multi-scanning Technology
Metascan Multi-scanning Technology
OPSWAT
Computer virus 2
Computer virus 2
Nishant Reshwal
Modeling and Containment of Uniform Scanning Worms
Modeling and Containment of Uniform Scanning Worms
IOSR Journals
A generic virus scanner in c++
A generic virus scanner in c++
UltraUploader
Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021
Alexandre Rebert
Defense Innovation Summit
Defense Innovation Summit
OPSWAT
20111204 intro malware_livshits_lecture02
20111204 intro malware_livshits_lecture02
Computer Science Club
How Antivirus detects VIRUS
How Antivirus detects VIRUS
Satyam Sangal
Network virus detection & prevention
Network virus detection & prevention
Khaleel Assadi
Antivirus
Antivirus
ava & araf co.
Security Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating Systems
Cisco Canada
Ast 0052862 Sophos Stopping Fake Antivirus Wpna Sept11
Ast 0052862 Sophos Stopping Fake Antivirus Wpna Sept11
Josh Castellano
Antivirus update reaction times of major antivirus vendors
Antivirus update reaction times of major antivirus vendors
UltraUploader
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
UltraUploader
Ch03 Network and Computer Attacks
Ch03 Network and Computer Attacks
phanleson
Anti virus and current trends
Anti virus and current trends
Athena Catindig
Virus & Antivirus
Virus & Antivirus
Anirudh Kannan
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
La actualidad más candente
(18)
Metascan Multi-scanning Technology
Metascan Multi-scanning Technology
Computer virus 2
Computer virus 2
Modeling and Containment of Uniform Scanning Worms
Modeling and Containment of Uniform Scanning Worms
A generic virus scanner in c++
A generic virus scanner in c++
Increasing DevSecOps Maturity Level in 2021
Increasing DevSecOps Maturity Level in 2021
Defense Innovation Summit
Defense Innovation Summit
20111204 intro malware_livshits_lecture02
20111204 intro malware_livshits_lecture02
How Antivirus detects VIRUS
How Antivirus detects VIRUS
Network virus detection & prevention
Network virus detection & prevention
Antivirus
Antivirus
Security Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating Systems
Ast 0052862 Sophos Stopping Fake Antivirus Wpna Sept11
Ast 0052862 Sophos Stopping Fake Antivirus Wpna Sept11
Antivirus update reaction times of major antivirus vendors
Antivirus update reaction times of major antivirus vendors
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
Ch03 Network and Computer Attacks
Ch03 Network and Computer Attacks
Anti virus and current trends
Anti virus and current trends
Virus & Antivirus
Virus & Antivirus
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Destacado
Zbot/Zeus And Antivirus
Zbot/Zeus And Antivirus
Kim Jensen
Code Red Virus
Code Red Virus
mBlackwell
Code Red Virus
Code Red Virus
smithz
Code Red Worm
Code Red Worm
RaDe0N
Zeus
Zeus
MaGn3t0
Computer Worms
Computer Worms
sadique_ghitm
Computer virus
Computer virus
Ra Bia
Destacado
(7)
Zbot/Zeus And Antivirus
Zbot/Zeus And Antivirus
Code Red Virus
Code Red Virus
Code Red Virus
Code Red Virus
Code Red Worm
Code Red Worm
Zeus
Zeus
Computer Worms
Computer Worms
Computer virus
Computer virus
Similar a Zeus and Antivirus
How to cure yourself of antivirus side effects @ReveeliumBlog
How to cure yourself of antivirus side effects @ReveeliumBlog
ITrust - Cybersecurity as a Service
12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malware
Digital Pymes
Protecting Against the New Wave of Malware
Protecting Against the New Wave of Malware
GFI Software
11 virus vs. antivirus
11 virus vs. antivirus
singhhp10699
Android anti virus analysis
Android anti virus analysis
Muhammad Majid Majid
How to Audit
How to Audit
ayousif
Virus and Anti virus
Virus and Anti virus
Faisal Hassan
Maranan chap2 lab2
Maranan chap2 lab2
maranan_zyra
Stay Secure: Unveiling the Power of Antivirus Software
Stay Secure: Unveiling the Power of Antivirus Software
SoftwareDeals
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
Teodoro Cipresso
Antivirus program ----neri
Antivirus program ----neri
aejay_neri
NetWitness
NetWitness
TechBiz Forense Digital
A generic virus detection agent on the internet
A generic virus detection agent on the internet
UltraUploader
How Antivirus Programming Can Shield Your Advanced World.pdf
How Antivirus Programming Can Shield Your Advanced World.pdf
Blogger
Cataluña antivirus programs paper
Cataluña antivirus programs paper
Jennifer Cataluña
Hamilton lara 2011
Hamilton lara 2011
Lorie Jane Abao
Cataluña antivirus program
Cataluña antivirus program
Jennifer Cataluña
Securing data flow to and from organizations
Securing data flow to and from organizations
OPSWAT
Virus & Anti Virus ppt
Virus & Anti Virus ppt
OECLIB Odisha Electronics Control Library
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
Diane M. Metcalf
Similar a Zeus and Antivirus
(20)
How to cure yourself of antivirus side effects @ReveeliumBlog
How to cure yourself of antivirus side effects @ReveeliumBlog
12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malware
Protecting Against the New Wave of Malware
Protecting Against the New Wave of Malware
11 virus vs. antivirus
11 virus vs. antivirus
Android anti virus analysis
Android anti virus analysis
How to Audit
How to Audit
Virus and Anti virus
Virus and Anti virus
Maranan chap2 lab2
Maranan chap2 lab2
Stay Secure: Unveiling the Power of Antivirus Software
Stay Secure: Unveiling the Power of Antivirus Software
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
Antivirus program ----neri
Antivirus program ----neri
NetWitness
NetWitness
A generic virus detection agent on the internet
A generic virus detection agent on the internet
How Antivirus Programming Can Shield Your Advanced World.pdf
How Antivirus Programming Can Shield Your Advanced World.pdf
Cataluña antivirus programs paper
Cataluña antivirus programs paper
Hamilton lara 2011
Hamilton lara 2011
Cataluña antivirus program
Cataluña antivirus program
Securing data flow to and from organizations
Securing data flow to and from organizations
Virus & Anti Virus ppt
Virus & Anti Virus ppt
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
Más de Scientia Groups
System Center 2012 R2 - Enterprise Automation
System Center 2012 R2 - Enterprise Automation
Scientia Groups
System Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center 2012 Orchestrator R2 - Enterprise IT Automation
Scientia Groups
System Center Endpoint Protection
System Center Endpoint Protection
Scientia Groups
Brute forcing Wi-Fi Protected Setup
Brute forcing Wi-Fi Protected Setup
Scientia Groups
NIST Definition of Cloud Computing
NIST Definition of Cloud Computing
Scientia Groups
Delivering a secure and fast boot experience with uefi
Delivering a secure and fast boot experience with uefi
Scientia Groups
NSA Best Practices Datasheets
NSA Best Practices Datasheets
Scientia Groups
Cybercriminals target online banking
Cybercriminals target online banking
Scientia Groups
Dgmdv 1
Dgmdv 1
Scientia Groups
Partners Guide - System Center
Partners Guide - System Center
Scientia Groups
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the Cloud
Scientia Groups
CISO Survey Report 2010
CISO Survey Report 2010
Scientia Groups
2010 1 22 Partner Marketing Call Welcome Rotating Deck
2010 1 22 Partner Marketing Call Welcome Rotating Deck
Scientia Groups
Quarterly Marketing Call Presentation 1 22 10
Quarterly Marketing Call Presentation 1 22 10
Scientia Groups
Más de Scientia Groups
(14)
System Center 2012 R2 - Enterprise Automation
System Center 2012 R2 - Enterprise Automation
System Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center Endpoint Protection
System Center Endpoint Protection
Brute forcing Wi-Fi Protected Setup
Brute forcing Wi-Fi Protected Setup
NIST Definition of Cloud Computing
NIST Definition of Cloud Computing
Delivering a secure and fast boot experience with uefi
Delivering a secure and fast boot experience with uefi
NSA Best Practices Datasheets
NSA Best Practices Datasheets
Cybercriminals target online banking
Cybercriminals target online banking
Dgmdv 1
Dgmdv 1
Partners Guide - System Center
Partners Guide - System Center
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the Cloud
CISO Survey Report 2010
CISO Survey Report 2010
2010 1 22 Partner Marketing Call Welcome Rotating Deck
2010 1 22 Partner Marketing Call Welcome Rotating Deck
Quarterly Marketing Call Presentation 1 22 10
Quarterly Marketing Call Presentation 1 22 10
Último
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Lorenzo Miniero
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
Zilliz
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
ScyllaDB
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
Último
(20)
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Zeus and Antivirus
1.
Measuring the in-the-wild
effectiveness of Antivirus against Zeus Trusteer September 14, 2009 Trusteer, Inc.142 Wooster St. New York, NY 10012Sales 646.247.5669info@trusteer.comwww.trusteer.com
2.
Introduction
There are many reports on how anti-virus products fare against malware, yet most of these reports focus on in-the-lab testing of specific malware strands against a specific antivirus configuration. Very little is said about the situation in the field – where malware distribution statistics (and to some extent, antivirus distribution statistics) are unclear. Trusteer is uniquely positioned in a way that enables it to get a comprehensive view of consumer world PCs – Trusteer Rapport is installed on millions of consumer PCs and reports statistics of malware infection and security software installed. We chose to focus on Zeus (also known as Zbot, WSNPOEM, NTOS and PRG) as it tops the list of financial Trojans. In other words, Zeus is probably the most painful financial malware out there, both in terms of infection size, and in terms of effectiveness. About Zeus Zeus is a financial malware. It infects consumer PCs, waits for them to log onto a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in real time. Additionally, it may inject HTML into the pages rendered by the browser, so that its own content is displayed together (or instead of) the genuine pages from the bank’s web server. Thus, it is able to ask the user to divulge more personal information, such as payment card number and PIN, one time passwords and TANs, etc. 1 Zeus uses some rootkit techniques to evade detection and removal. http://www.networkw Zeus is the #1 botnet, with 3.6 million PCs infected in the US alone (i.e. orld.com/news/2009/0 72209-botnets.html approximately 1% of the PCs in the US), according to a recent report1. This is backed by Trusteer’sfield figures as well, as can be seen in the following pie chart of relative financial malware distribution: Security Advisory l 2 White Paper © 2009 Trusteer, Inc.
3.
Methodology Our research is
based on statistics gathered from Rapport agents running on users’ PCs. Rapport detects Zeus through a unique fingerprint left by Zeus when it penetrates the browser process. This fingerprint is an inherent part of Zeus’s modus operandi. Rapport detects the existence of antivirus products and whether they’re up-to-date via the Windows Security Center. Note that some antivirus solutions do not report to the Windows Security Center. In this scenario we categorize the machine as not having an antivirus. This means that the real number of users who are infected with Zeus and run an up-to- date antivirus is actually bigger than the number we detected, indicating that the problem is even worse than our findings. Raw statistics The following data has been collected from consumer PCs during one day in September 2009: General Population Zeus-infected No Antivirus found 23% 31% Antivirus found but not up-to-date 6% 14% Antivirus is up-to-date 71% 55% The Zeus-infected population we sampled consisted of 10,000 machines. Security Advisory l 3 White Paper © 2009 Trusteer, Inc.
4.
A quick glimpse
at this table already reveals a disturbing phenomenon – the majority of Zeus infections occur on machines which have an installed an up-to-date anti-virus product. The distribution of antivirus products we observed on infected and clean machines is pretty constant and therefore we cannot attribute infections to a specific set of antivirus products that perform less effectively than the others. Security Advisory l 4 White Paper © 2009 Trusteer, Inc.
5.
Quantitative Analysis The data
above enables us to calculate the efficiency of anti-virus products at large, as well of that of specific products. To this end, we can employ the Bayesian theorem: AVUTD = Antivirus is up-to-date NoAV = No antivirus found p(Zeus|AVUTD)=p(AVUTD|Zeus)*p(Zeus)/p(AVUTD) p(Zeus|NoAV)=p(NoAV|Zeus)*p(Zeus)/p(NoAV) Dividing both sides, we obtain the following ratio: p(Zeus|AVUTD)/p(Zeus/NoAV)=(p(AVUTD|Zeus)*p(NoAV))/(p( AVUTD)*p(NoAV|Zeus)) We can now substitute values: p(AVUTD|Zeus)=0.55 p(NoAV|Zeus)=0.31 p(AVUTD)=0.71 p(NoAV)=0.23 This yields: Security Advisory l 5 White Paper © 2009 Trusteer, Inc.
6.
p(Zeus|AVUTD)/p(Zeus|NoAV)=0.77 In other words,
installing an anti-virus product and maintaining it up to date reduces the probability to get infected by Zeus by 23%, compared to running without an anti-virus altogether. The effectiveness of an up to date anti virus against Zeus is thus not 100%, not 90%, not even 50% - it’s just 23%. Conclusion We measured the efficiency of antivirus products in the wild, against Zeus. In a sense, it’s more accurate than in-the-lab experiments, since it measures the real phenomenon – the actual infections in the wild, vs. real antivirus deployment in the wild. The result we measured, efficiency level of 23%, is disturbing, and reveals that the vast majority of Zeus infections go unnoticed by antivirus products. Security Advisory l 6 White Paper © 2009 Trusteer, Inc.
Descargar ahora