Rogue Antivirus Product Wars

All antivirus companies are being hit with the next wave of malware: Rogue antivirus tools like Antivirus 2010. This code throws messages on the user's screen that they are infected, and "download here to get rid of the malware". Sure enough, that gets the Trojan installed.

Our (Sunbelt Software the makers of Vipre AV) CEO Alex wrote about this: "For what it's worth, as someone who is on the inside of an AV company and is intimately familiar with these threats, the reality is that no AV vendor, ESET, McAfee, Sunbelt, Sophos, Symantec, etc. can give you 100% coverage against it.

These new fake antivirus variants are some of the most vicious, polymorphic Trojans this industry has seen. They use extremely complex obfuscation techniques which make detection quite challenging by even the best antivirus engine. Many of these rogues are also service-side polymorphic. That means every time an exe is downloaded, it's recompiled on the server-side into a different piece of code.

And, there are about 75,000 new tier-1 pieces of malware coming out every day. So your AV vendor, realistically, is only going to be one layer of protection, no matter what the sales guy might say. (That being said, AV is a must. Just look at viruses like Conficker, Sality, Virut, etc. These are viruses that the industry does a pretty good job at, and if they get into your network and you don't have endpoint protection, it's quite messy.)

This is a direct reprint from the March 23rd Sunbelt Security News regarding the the Rogue we have been warning you about. For a lot more information follow the link above. ~ Steve