Thursday, October 1, 2009

How do old viruses slip past Norton antivirus, autoprotect enabled?

My friend's computer--clean (Norton, Spybot and Ad Aware scans) 10 days ago. Norton is autoprotect enabled. Spybot and Ad Aware are the free versions; no real-time protection, but both were updated and Spybot immunized.



Friday, six days later, when the computer booted, they noticed strange things...in fact, Smitfraud (and other, similar) spyware. When I checked logs and quarantines, I found that my friend had run Ad Aware on Friday, fixing 130+ problems (not all tracking cookies). Yesterday--yes, they waited five days, hoping it would fix itself--they called me in.



I've cleaned it up (what a chore), but when I ran a full system anti-virus scan, Norton found and quarantined a handful of nasties. When I looked them up, it seems that none is a recently discovered problem--WinFixer, ISearch and Trojan.Anser being the worst of the bunch. And Norton's definitions updates from many months ago should have prevented them. So how do they slip past Norton?






New variants of old malware are constantly being developed by the 'black-hats' to avoid detection by signature-based anti-malware products. For example the Zlob trojan, the culprit behind Smitfraud, has almost 2000 different variants and the number grows daily.



This is why anti-virus apps such as Kaspersky are now issuing new virus definition updates on an hourly basis. Weekly (Norton) or even daily updates just don't cut it any more!
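An added illustration of the exchange above, not part of the original post or any vendor's code: a variant that arrives between definition updates passes the on-access check and is only caught by a later scan, and a shorter update interval shrinks that window. Exact SHA-256 matching is used here as the simplest model of a signature; the byte strings, dates and update schedules are all constructed.

```python
import hashlib
from datetime import date, timedelta

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for two variants of one family.
VARIANT_OLD = b"family-x sample, build 001"
VARIANT_NEW = b"family-x sample, build 002"  # differs by a single byte

# Hypothetical definitions feed: (date the signature was published, signature).
DEFINITIONS = [
    (date(2009, 3, 1), sha256(VARIANT_OLD)),
    (date(2009, 9, 28), sha256(VARIANT_NEW)),
]

# Constructed update schedules for the same scanner.
WEEKLY = [date(2009, 9, 18), date(2009, 9, 25), date(2009, 10, 2)]
DAILY = [date(2009, 9, 18) + timedelta(days=i) for i in range(15)]
ARRIVAL = date(2009, 9, 25)  # day the file lands on disk (constructed)

def signatures_as_of(last_update: date) -> set:
    """Signatures held by a scanner that last pulled definitions on last_update."""
    return {sig for published, sig in DEFINITIONS if published <= last_update}

def detects(data: bytes, last_update: date) -> bool:
    """Exact-match signature check against the definitions held on that date."""
    return sha256(data) in signatures_as_of(last_update)

def on_access_verdict(data: bytes, arrival: date, updates: list) -> bool:
    """Verdict of the real-time check at arrival, using the latest update so far."""
    applied = [d for d in updates if d <= arrival]
    return bool(applied) and detects(data, max(applied))

def first_detection(data: bytes, arrival: date, updates: list):
    """First update on or after arrival whose definitions flag the file, else None."""
    for d in sorted(updates):
        if d >= arrival and detects(data, d):
            return d
    return None

if __name__ == "__main__":
    for name, sample in (("old", VARIANT_OLD), ("new", VARIANT_NEW)):
        print(name, "blocked on access:", on_access_verdict(sample, ARRIVAL, WEEKLY))
    print("weekly updates catch the new variant on", first_detection(VARIANT_NEW, ARRIVAL, WEEKLY))
    print("daily updates catch the new variant on", first_detection(VARIANT_NEW, ARRIVAL, DAILY))
```

Real products layer heuristics and generic signatures on top of exact matches, so this models only the signature part the answer describes.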
