Thread: Russian Security Firm Dr. Web States Symantec and Kaspersky Numbers were Inaccurate

  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    4,050
    Thanks
    3
    Thanked 129 Times in 114 Posts

    Russian Security Firm Dr. Web States Symantec and Kaspersky Numbers were Inaccurate


    In an updated status report from the Russian security firm that first discovered the Flashback trojan (Dr. Web) it is being said that recent findings disagree with the statements that both Symantec and Kaspersky Labs released. Dr. Web’s status report is warning the public that the number of machines affected by the malware is not declining as many are stating.

    After citing data from its analysis of the largest Mac botnet to date, Dr. Web states that around 560,000 computers are still affected, which is quite the contradiction to the 30,000 number recently provided by the well-known security companies, Symantec and Kaspersky. It is being said that the data from the larger companies’ servers were likely inaccurate due to Flashback’s use of complex domain name creation techniques and a unique TCP connection operation that effectively masks bots from command and control servers.

    According to the Russian security firm: "BackDoor.Flashback.39 uses a sophisticated routine to generate control server names: a larger part of the domain names is generated using parameters embedded in the malware resources, others are created using the current date. The Trojan sends consecutive queries to servers according to its pre-defined priorities."

    Upon the early discovery of the malware, Dr. Web registered for the main domains used as Flashback command servers while other security firms most likely use “hijacked servers” that are in this case less reliable. The report explains that Flashback’s mode of operation allows its network of bots to go largely unnoticed by the hijacked servers which could be the reason for the reported numbers of affected machines. "On April 16th additional domains whose names are generated using the current date were registered. Since these domain names are used by all BackDoor.Flashback.39 variants, registration of additional control server names has allowed to more accurately calculate the number of bots on the malicious network, which is indicated on the graph."

    The company continues to note that the trojan sends requests to a server run by an unidentified third party, which in turn communicates with the bots but fails to close the TCP connection. This action is critical to researchers as it puts the bots in standby mode, which means they don’t communicate with other command servers monitored by information security specialists.

    As of right now, both Symantec and Kaspersky have not responded to the new report and continue to reflect a “very low” threat level from the Flashback trojan on their respective websites.

    Source: Dr. Web

    Twitter: @AkshayMasand
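
The undercount argument reported in the post above, as an added example (not part of the original post or of Dr. Web's report): a toy model in which bots query servers in priority order and stall at one that never closes the TCP connection, so a sinkhole placed later in the list sees only a fraction of the population. Server names, the population size and the 1-in-20 bypass rate are constructed assumptions.

```python
# Added illustration: a toy model of sinkhole visibility. It does not reproduce
# Flashback's domain generation or protocol; all names and numbers are constructed.
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set


@dataclass
class Server:
    name: str
    reachable_by: Callable[[int], bool]   # constructed rule: can this bot reach us?
    closes_connection: bool = True        # False models the server that leaves TCP open
    seen: Set[int] = field(default_factory=set)


def run_bot(bot_id: int, priority_list: List[Server]) -> Optional[str]:
    """Query servers in priority order; return the server the bot stalls on, if any."""
    for server in priority_list:
        if not server.reachable_by(bot_id):
            continue                      # no answer: move to the next server
        server.seen.add(bot_id)           # this server's operator can count the bot
        if not server.closes_connection:
            return server.name            # connection stays open: bot waits in standby
    return None


def simulate(total_bots: int = 1000, bypass_every: int = 20) -> dict:
    """Count unique bots seen by a sinkhole before and after the holding server."""
    early = Server("early_sinkhole", lambda b: True)
    # Assumption: one bot in `bypass_every` cannot reach the third-party server
    # and therefore continues down its list.
    holder = Server("third_party", lambda b: b % bypass_every != 0,
                    closes_connection=False)
    late = Server("late_sinkhole", lambda b: True)
    for bot_id in range(total_bots):
        run_bot(bot_id, [early, holder, late])
    return {s.name: len(s.seen) for s in (early, holder, late)}


if __name__ == "__main__":
    for name, count in simulate().items():
        print(f"{name:15s} unique bots seen: {count}")
```

The position of a sinkhole in the bots' query order, not the size of the botnet, decides what it can count; two observers of the same population can report very different totals.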

  2. #2
    Livin the iPhone Life KraXik's Avatar
    Join Date
    Mar 2011
    Location
    Winchester, UK
    Posts
    2,624
    Thanks
    2,671
    Thanked 1,754 Times in 891 Posts

    Anyone else think they are saying this to get people to buy their anti-virus software?

  3. #3
    My iPhone is a Part of Me iPittsburgh's Avatar
    Join Date
    Oct 2010
    Location
    Pennsylvania
    Posts
    983
    Thanks
    8
    Thanked 102 Times in 99 Posts

    Quote Originally Posted by KraXik View Post
    Anyone else think they are saying this to get people to buy their anti-virus software?
    Yep, sounds like fear mongering to me.

  4. #4
    Green Apple
    Join Date
    Jan 2012
    Posts
    62
    Thanks
    0
    Thanked 0 Times in 0 Posts

    I definitively trust Symantec way more than this dr.web crap

  5. #5
    Green Apple HCWHunter's Avatar
    Join Date
    Jun 2010
    Location
    So. Calif.
    Posts
    93
    Thanks
    1
    Thanked 9 Times in 5 Posts

    Yeah, either that or Dr. Web are involved in creating the trojan themselves. Maybe both.

  6. #6
    Livin the iPhone Life steve-z17's Avatar
    Join Date
    Sep 2007
    Location
    Utah
    Posts
    2,259
    Thanks
    91
    Thanked 144 Times in 123 Posts

    Boo-hoo! It takes like 2 min or less to get the trojan off your Mac. At least you don't have to run scans for awhile to actually find the virus/trojan then remove it....probably is a big stunt to sell anti-virus software as mentioned above.

  7. #7
    iPhoneaholic Norb's Avatar
    Join Date
    Jan 2011
    Location
    Mountain View, California
    Posts
    407
    Thanks
    22
    Thanked 51 Times in 31 Posts

    Dr.Web is very reputable... I've downloaded more ram from them in the past for a very good price.

  8. #8
    iPhoneaholic
    Join Date
    Oct 2008
    Posts
    319
    Thanks
    1
    Thanked 34 Times in 22 Posts

    I have never heard of Dr.Web before; however, I have heard of Kaspersky and Symantec. While I don't like Symantec's software (it just runs too slowly), I do know both of these companies to be reputable when it comes to identifying and removing Malware and Viruses, so they are the ones that I will trust.
