Monday 11 December 2017

Security Advice – The Antivirus is just a security helper!

Hello again.
Most computer users have no specific IT security training.
They use simple passwords, save them in files on the computer, and reuse them for multiple logins.
Another problem is downloading and using pirated software, even though most of it is known to be infected. (When something is free you are not the customer but the product!)


There is more to be written, but today’s topic is about Antivirus.

Having no specific training, most users rely on software called antivirus to protect them from viruses.
This software identifies suspicious files or connections and either blocks them or reports their presence.
I’ve prepared a virus that, if it gets into the computer, can have full access, and I’ll try to see the impact on antivirus software.
A good way to find out is to scan the file on a platform connected to all Antivirus databases.

So, I have 2 files: the original virus I made and an encrypted one.

Let’s scan the original virus!

This is not bad. 50/67 antivirus engines know that the file is a virus.

Here you may see the list!

The second file was encrypted to be an invisible virus.

Woow … 5/67 antivirus engines?!?

Here you may see the list!

I hope you understand where the problem is. This encrypted virus can enter the computer even if we have an antivirus.
The explanation is very simple. The antivirus only sees what the programmer has added to its database.

______________________________________

If the programmer has added this code to the database:

start PstPassword.exe /stext PstPassword.txt
start WebBrowserPassView.exe /stext WebBrowserPassView.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start rdpv.exe /stext rdpv.txt
start VNCPassView.exe /stext VNCPassView.txt

When the antivirus sees this piece of code, it knows that it is part of software that steals passwords from your computer. It notifies the administrator and isolates the application.

This is because the programmer added this code to the database and classified it as suspicious.

What if the antivirus sees something like this:

c3RhcnQgUHN0UGFzc3dvcmQuZXhlIC9zdGV4dCBQc3RQYXNzd29yZC50eHQNCnN0YXJ0IFdlYkJyb3dzZXJQYXNzVmlldy5leGUgL3N0ZXh0IFdlYkJyb3dzZXJQYXNzVmlldy50eHQNCnN0YXJ0IFdpcmVsZXNzS2V5Vmlldy5leGUgL3N0ZXh0IFdpcmVsZXNzS2V5Vmlldy50eHQNCnN0YXJ0IHJkcHYuZXhlIC9zdGV4dCByZHB2LnR4dA0Kc3RhcnQgVk5DUGFzc1ZpZXcuZXhlIC9zdGV4dCBWTkNQYXNzVmlldy50eHQ=

If the programmer does not have this encrypted code in the database, the Antivirus will completely ignore it.
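
The blob above is the same five commands in Base64, which is why a byte-for-byte signature no longer matches. As an added example (not the author's code and not how any particular antivirus product works), this Python scanner runs the same signatures first on the raw bytes and then on every Base64 layer it can decode. The function names and the sample data are constructed for illustration; the signature strings are the commands listed above.

```python
import base64
import binascii
import re

# Signatures taken from the post's sample: tool name plus its /stext switch.
SIGNATURES = [
    b"PstPassword.exe /stext",
    b"WebBrowserPassView.exe /stext",
    b"WirelessKeyView.exe /stext",
    b"rdpv.exe /stext",
    b"VNCPassView.exe /stext",
]

# Runs of 24+ Base64 characters are treated as a possible encoded layer.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")

def match_signatures(data):
    """Plain signature scan: which known byte strings occur in data?"""
    low = data.lower()
    return [s.decode() for s in SIGNATURES if s.lower() in low]

def decoded_layers(data, depth=3):
    """Yield data, then whatever its Base64 runs decode to, up to depth layers."""
    yield data
    if depth == 0:
        return
    for run in B64_RUN.findall(data):
        run = run[: len(run) - len(run) % 4]  # keep whole 4-character groups
        try:
            inner = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64 after all
        yield from decoded_layers(inner, depth - 1)

def scan(data):
    """Signature scan over the raw bytes and over every decoded layer."""
    hits = set()
    for layer in decoded_layers(data):
        hits.update(match_signatures(layer))
    return sorted(hits)

# Constructed sample: batch lines like the post's, plain and Base64-encoded.
PLAIN = b"\r\n".join(b"start " + s + b" out.txt" for s in SIGNATURES)
ENCODED = base64.b64encode(PLAIN)
DOUBLE = base64.b64encode(b"payload=" + ENCODED)  # two layers deep

if __name__ == "__main__":
    print("plain, raw scan:    ", len(match_signatures(PLAIN)), "signatures")
    print("encoded, raw scan:  ", len(match_signatures(ENCODED)), "signatures")
    print("encoded, with decode:", len(scan(ENCODED)), "signatures")
```

Decoding only helps against encodings the scanner knows how to undo, which is the post's point: the database and its normalisation steps always lag behind what they have not seen yet.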

What I want you to understand is that antivirus is just a security helper. You are the most important part of cyber security.


Try to learn how to protect yourself!

 

Have fun & Stay safe!!!



Alex Anghelus

Cyber Security, Pentesting & Ethical Hacking Freelancer –
Malware Reverse Engineering Researcher

