
Author Topic: Malware still malingering for up-to-date anti-virus users  (Read 5523 times)


Broni

Malware still malingering for up-to-date anti-virus users
« on: April 14, 2008, 07:07:12 PM »
HERE

A study by Panda Security revealed that 72 per cent of firms with up-to-date security software still had malware on their networks. The data - based on a sample of 1.5m users last year - also revealed that 23 per cent of home computers were infected. PCs protected by the security software from multiple vendors were affected by the problem.

The data comes from scans by users of Panda's ActiveScan online scanning tool.

Panda reckons the problem arises because the traditional anti-virus scanning approaches are no longer keeping up with the exponential growth in malware products. As a result, users are infected by threats that slip under the radar and leave little indication of their presence.

"The situation is getting out of control," said Luis Corrons, PandaLabs technologies manager.

In response to the problem, Panda Security is rolling out a change in its architecture so that malware detection is more automated. Clients are linked together through data centres that correlate data and push signature updates automatically. This approach, dubbed 'collective intelligence', is designed to overcome the shortcomings of the traditional approach of pushing out virus updates from a lab.

"We have automated the process and put it online," Panda's Pedro Bustamante explained, adding that the firm was moving towards the security as a service approach.

In order to raise awareness about the limitations of anti-virus technology, Panda Security has launched a campaign, Infected or Not, and a new site. Users and businesses will be offered the chance to run free security assessments.

The first ten firms to demonstrate they are not infected stand to win €5,000. Home users could win an iPod Nano.

Panda is using its collective intelligence approach alongside honeypots and malware exchange to draw up what it reckons is a real-time list of threats. Malware would be distinguished as such by its behaviour.

This seems to be more of a variation on a theme than the radical change the firm claims. Panda reckons that aggregation of the knowledge of a community of users can lead to better results. This smacks a little of the wisdom of crowds. It said information connected will be impersonal and confidential. Users would opt in to join a network.

There's more background on Panda's Infected or Not campaign here: http://www.pandasecurity.com/infected_or_not

evilfantasy

  • Malware Removal Specialist


Re: Malware still malingering for up-to-date anti-virus users
« Reply #1 on: April 14, 2008, 10:06:23 PM »
Hmm, depends how you define infected.

This is from a Panda scan I just had a user run. Is the PC clean or infected?

Quote
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-13 16:58:46
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.0.2.2000 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================

00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.apmebf.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[2].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0023629.EXE
02563309 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\HP_Owner\DoctorWeb\Quarantine\A0017015.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0023624.sys
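
One way to triage a report like the one quoted above, as an added example that is not part of the original thread or of Panda's tooling: it parses the MALWARE rows using the column header shown in the log, collapses repeated rows, and separates tracking cookies and quarantine or restore-point copies from anything marked Active. The bucket names and the dormant-path list are assumptions of this example.

```python
import re
from collections import Counter

# Column layout taken from the report header:
# Id Description Type Active Severity Disinfectable Disinfected Location
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?:Yes|No)\s+(?:Yes|No)\s+(?P<location>.+)$"
)

# Assumption: paths that hold stored copies rather than live installs.
DORMANT_PATHS = ("\\system volume information\\_restore", "\\quarantine\\")

def parse(report):
    """Return one dict per detection row; headers and separators are skipped."""
    return [m.groupdict() for m in map(ROW.match, report.splitlines()) if m]

def bucket(row):
    """Assign a triage bucket (bucket names are this example's own)."""
    loc = row["location"].lower()
    if row["active"] == "Yes":
        return "active"
    if row["type"] == "TrackingCookie":
        return "cookie"
    if any(p in loc for p in DORMANT_PATHS):
        return "dormant-copy"
    return "inactive-file"

def triage(report):
    """Count detections per bucket, collapsing repeated (id, location) rows."""
    unique = {(r["id"], r["location"]): r for r in parse(report)}
    return Counter(bucket(r) for r in unique.values())

# Rows copied from the scan log in the post above (abridged, wrap spaces removed).
SAMPLE = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[3].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\cookies.txt[.realmedia.com/]
02563309 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\HP_Owner\DoctorWeb\Quarantine\A0017015.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0023624.sys
"""

if __name__ == "__main__":
    for name, count in sorted(triage(SAMPLE).items()):
        print(f"{name}: {count}")
```

On these rows the "active" bucket stays empty, which is the figure that answers "clean or infected?" more directly than the headline MALWARE count.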

elxr06

  • Guest
Re: Malware still malingering for up-to-date anti-virus users
« Reply #2 on: April 14, 2008, 10:24:01 PM »
I wish AVs were 100% fool-proof and 100% non-vulnerable but it still is. Nothing is 100% perfect. Some stuff still gets through the AV anyway.

Computer Hope Admin

  • Administrator


Re: Malware still malingering for up-to-date anti-virus users
« Reply #3 on: April 27, 2008, 02:36:13 AM »
I didn't like the fact that I had to register, but it was nice to have a web page work nicely in Firefox without having to rely on ActiveX.

Once again it's another spyware utility reporting cookies as spyware. I really dislike the fact that companies classify cookies as spyware when they're only used with the pages they're associated with and don't track all browsing habits or cause havoc like most traditional spyware.

Finally, the scan is just that, a scan. Just a way for Panda to get users not familiar with spyware threats to purchase their program. My system found 25 cookies and although it says they're a low threat I think it's *very* deceptive that they don't explain how non-threatening these are and most likely *trick* a lot of users into purchasing their program.

Two thumbs down.. Get one of the many available freeware spyware protections and forget Panda.

Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
-Albert Einstein

BC_Programmer


Re: Malware still malingering for up-to-date anti-virus users
« Reply #4 on: May 23, 2008, 08:10:05 PM »

Quote
Once again it's another spyware utility reporting cookies as spyware. I really dislike the fact that companies classify cookies as spyware when they're only used with the pages they're associated with and don't track all browsing habits or cause havoc like most traditional spyware.


The fact that they label all cookies as spyware is analogous to if they labelled all executables as spyware. I mean, it's unlikely, but it COULD be a virus, so we better flag it.

Imagine the number of threats found with that...
I was trying to dereference Null Pointers before it was cool.

evilfantasy

  • Malware Removal Specialist


Re: Malware still malingering for up-to-date anti-virus users
« Reply #5 on: May 23, 2008, 08:19:03 PM »


The Unofficial Cookie FAQ  - http://www.cookiecentral.com/faq/

Quote
2.4 Are Cookies Dangerous to My Computer?

NO. A cookie is a simple piece of text. It is not a program, or a plug-in. It cannot be used as a virus, and it cannot access your hard drive. Your browser (not a programmer) can save cookie values to your hard disk if it needs to, but that is the limit of the effect on your system.

BC_Programmer


Re: Malware still malingering for up-to-date anti-virus users
« Reply #6 on: May 23, 2008, 08:23:02 PM »
That is kind of what I mean: cookies aren't really dangerous in the first place, but they still perform no real filtering to find out if any of them are actually tracking cookies. If they can't determine whether it is a tracking cookie, why include it in the list?
I was trying to dereference Null Pointers before it was cool.