However, this is something that many fail to acknowledge. The Trojan is designed for maximum effect, stealing personal details to make its owner cold hard cash, as opposed to being an exercise in gaining kudos when it infects its millionth victim. Yet, despite this marked professionalism on the part of the malware writer, it seems that many in the industry would rather bury their heads in the sand; this post by McAfee is a case in point.
I particularly like this comment:
"Limbo 2 does no such thing. It’s a simple PWS-Banker Trojan as far as security software is concerned." -- Alyssa Myers, Avertlabs
I doubt consumers out there will think the same once their machines have been infected with this Trojan or any similar Trojan while protected by McAfee’s Internet Security Suite, which in spite of its claims doesn’t protect against Limbo 2. Below we see the key features of McAfee Internet Security Suite. Of course, if McAfee says it’s a "simple PWS-Banker", it should detect it without issue, right? Hmm. Wrong.
10-in-1 Prevention and Protection
• Safe Search, Safe Surf. McAfee® SiteAdvisor™ adds ratings to websites to help you avoid online dangers.
• Home License Subscription Service. Automatically delivers the latest software features and threat updates and lets you easily manage security subscriptions for all your PCs.
• Stops Viruses. Blocks and removes viruses and even stops them before they even get to your PC.
• Stops Hackers. Protects and conceals your computer from hackers.
• Blocks Spyware. Blocks spyware before it installs on your computer and removes existing spyware.
• Improves PC Health. Cleans clutter off your computer so it stays healthy and secure.
• Secures Your Identity. Guards your identity from online fraud scams and identity thieves.
• Prevents Spam & Email Scams. Shields you from junk email.
• Protects Children Online. Filters offensive content, pictures, and websites.
• Backs Up & Restores Files. Automated back-up and one-click restore to protect your photos, music and important files.
Funny, I thought the Blocks Spyware claim above sort of implies it should stop Limbo 2 before it even installs. Hmmm, a bit of a disagreement between Alyssa and McAfee’s marketing blurb here.
The reality is, Limbo 2 is just another in a long line of powerful malware technologies that walk right through the top security products as if they weren’t there. And because these products don’t detect infections like Limbo 2, the user thinks they are completely safe, exposing more and more of their information.
It is time for the major security vendors to come clean. In McAfee’s case maybe the marketing guys should get a view on how their products work and what they are meant to stop.
There is a lot of blind consumer faith in the large vendors, with most people feeling comforted by the power of a big brand. Simply saying "if it’s out there we will find it" will make most people reach for the well-known red or yellow box when their renewal period next comes around. However, highly advanced low-level Trojans like these, which cost thousands of dollars each, simply won't be spammed out to 10 million people a day and will therefore continue to remain below the radar. Is something which has only infected 50-100 people and is continually changing ever going to be important enough to warrant a signature update? It’s a numbers game, right?
As long as the current product is making money, looks nice and doesn’t crash their computer, consumers will continue using it with a warm and secure glow, unaware that somewhere in Eastern Europe their bank details are being hawked on an illegal forum for 10% of the account balance. It seems to me that the large AV companies could learn a lot from watching how their adversaries operate, because at least the adversaries' product comes with some kind of guarantee.
/Rant over
5 comments so far
- JoshWink on Aug 13 23:10, 2008
- Natasha Reshev on Oct 24 15:08, 2008
Oh, Thanks! Really funny. Big ups!
Personally I experienced such exploitation myself. In 2006 my PC was brand new and cherry as all get out. I reformatted it every month for a year and was disgusted with Norton's antivirus and firewall. I discovered a trial version of Prevx 1 from a reference at the Yahoo tech forums. After I had the program I looked for the post and it had been nerfed. Prevx is very dangerous to the status quo. It works and it costs less than half of Norton and requires no firewall... you folk do that math. Who runs these guys anyway... they sell a bad product year after year and are never held accountable. They must know their stuff is crap... I wonder really if those "professional malware writers" work for Norton etc. It's like the companies get you coming for bogus protection and the rackets get you going, saying... "That's the price you pay, chump." At least the oil company sells a valuable and reliable product for its obscene 8% profits.


...hehe, personally, I would bet that AvertLabs does NOT even have copies of Limbo itself, lmao...
Making a fuss around while desperately trying to maintain their "status quo",
that they "supposedly" still maintain/develop a reliable AV product...
Even the most 'unsuspected' end-user out there can spot that fact,
just by looking at last month's posts in their blog:
trying to convince people about the number of variants that they have archived in their "zoos",
while at the same moment, tons of malware goes undetected by their apps...
heh, too much marketing, and way less hunting...