Did the Anti-Virus and Anti-Trojan Vendors Miss Out Something? Which vendor heeds CyberPol's warning?
Phoenix
Chief Security Officer (CSO)
CyberPol
Norton Anti-virus. McAfee Anti-virus. PC-Cillin Anti-Virus. Panda Anti-virus. Sophos Antivirus. Kaspersky Labs AVP antivirus. Agnitum Tauscan. MooSoft Cleaner. Trojan Defense Suite 3. Dr. Solomon Antivirus, and plenty of others.
No doubt these antivirus and antitrojan packages have helped stem the tide of malicious and harmful viruses and Trojan horses. But did they miss out something lurking out there in the wild?
In July 2001, I came across a very popular website that offers free downloads of security-related software. I downloaded a piece of software, later to be named keytrap Trojan by both Kaspersky Labs and Agnitum, and installed it. It was a keylogger program. A keylogger program is a program that installs itself into the computer and registry and logs the keystrokes of anyone using the computer, without the user's knowledge. These programs are legitimate by themselves. But even a reader of the popular website agreed that it could be used for malicious purposes. His opinion is exactly the same as mine.
I discovered this "Trojan" by a stroke of luck. I used Agnitum's Tauscan to perform a routine Trojan horse cleaning. Later when I turned on the Advanced Trojan Analyser engine of Tauscan, it detected the Trojan horse after 5 hours of deep scanning. However, the detection was incorrectly identified as Simple Trojan 1.0.
I began to e-mail the major antivirus vendors around the world, and Kaspersky Labs and Agnitum were the very first to get back to me. They were most courteous, prompt and quick to follow up. What is most important is that they both correctly agreed that if a program can be used for malicious purposes, then it should be included in the virus database for detection and removal.
I hold them in very high esteem. Two other top anti-virus vendors require more time-consuming and complex virus sample submission methods and were not prompt in returning my e-mails. One other antitrojan vendor completely ignored my e-mail. Only Kaspersky Labs AVP Antivirus and Agnitum Tauscan AntiTrojan completely outscored and outclassed the competition in terms of 24-hour response time and support.
This article should serve as a wake-up call to the other vendors. I was shocked to see so many so-called "legitimate" keyloggers being offered as free downloads from one of the most popular sites on the internet. These programs can be used by insiders of organizations and large corporations to capture important words, e-mail, passwords and who knows what else.
I tried the programs on our computer and retrieved the log file. Whatever password and ID I had keyed in earlier was completely captured in the log file.
Most of the vendors, except for Kaspersky Labs AVP Antivirus and Agnitum Tauscan, totally ignored this class of Trojans and labelled them as legitimate.
CyberPol, Kaspersky Labs and Agnitum were completely correct in our course of action.
I wish to reiterate my comments here: "Any program, no matter how legitimate it may seem to be, should be included in a virus/Trojan database for detection and removal IF there is a potential for it to be used maliciously."
I will continue to root out so-called "legitimate" keyloggers and submit them to Kaspersky Labs and Agnitum for diagnosis and inclusion into their databases as these are serious in nature. It's time the other antivirus/antitrojan vendors heed CyberPol's warning.
No doubt, CyberPol will also continue in its research and development operations against viruses and Trojans together with its top officers from Canada, England, Northern Ireland, Singapore, USA, Australia, Mauritius and other countries.
"Prevention is better than Cure"
For more details, please visit:
http://www.kaspersky.com
http://www.agnitum.com
Our article is featured on both Kaspersky Labs' and Agnitum's websites.
Regards.
Phoenix.
CSO
CyberPol.