WikiLeaks documents show Governments couldn't penetrate Comodo Internet Security

WikiLeaks has just revealed a government sponsored and used malware called FinFisher. WikiLeaks - SpyFiles 4

The developers of this malware apparently tested all antivirus products to see if their malware can penetrate these antivirus products or not, and WikiLeaks published the AV test document. WikiLeaks - SpyFiles 4

COMODO Internet Security proved itself against government malware that it has solid protection and no infection!!! This is what the creator of the malware says according to WikiLeaks.

Now you know how powerful Comodo is when protecting you :wink:

Melih

I really like CIS because it keeps me virus free, it gives me full control over what happens to an unknown application.
Thanks Melih and Comodo for providing this great software for free. Hopefully the next version of CIS will be even better :slight_smile:

I tried to download the file on my mobile but it just started opening tab after tab after tab, suddenly over a hundred tabs… I’ll check it when I get home…

Well done. :slight_smile:

PS : here.

congrats comodo :wink: GREAT WORK!

Can someone list all the names of antivirus and anti-malware suites that were compromised?

I don’t want to open those links even if it is safe.

Do you have a quote on this?

Now you know how powerful Comodo is when protecting you ;)

Melih

Hence why I use it. It has had my back ever since I started using CPF 3 alpha.

Can see it here more safely

http://www.viewdocsonline.com/document/55edds

+1

Since I am using just the firewall, am I offered the same protection?

And you forgot to mention that it is truly FREE for everyone :wink:

COMODO Internet Security proved itself against government malware that it has solid protection and no infection!!! This is what the creator of the malware says according to WikiLeaks.

Hmmmm.

Per release notes 4.51 PDF:

FinSpy Target / Rootkit

Windows 7 and Windows 8 64 bit with Comodo

The infection will be completed and the heartbeats will be sent only after the target machine rebooted.

From the 4_50.xlsx file, it can be seen that Comodo is one of less than a handful that across the board warns of infection. However, it does not alert on the scans.

That’s still pretty good protection as last layer of defense; it’s got to run the gauntlet of D+ HIPS + Firewall. I’d still want to see more ‘fail’ in red listed there.

I was glad that Comodo Firewall warned with the Block or Accept, but not when I read that after it did get installed and then the trojan/rootkit was removed, a visible malware connection continued without detection.

Wonder when CAVS or any other major anti-virus / anti-malware program will start warning about this and other government used malware?

That is why I wanted to utilize CAVS as a secondary antivirus/antimalware scanner with the right click scan option.

UncleDoug

Actually this does not sound as good as I had hoped. An allow/deny question is quickly missed or allowed and the malware is installed, not found by the antivirus and will leave an undetected link?

That's why I suggest executing all programs in separate sandboxes to avoid exactly this.

Kudos to Melih and Team/Co! Hope you guys realize the importance of your work and what it means for us… especially when providing your software for FREE, which is the best way for creating a SAFE INTERNET. :-TU

When the malware becomes outdated… The situation is simple: malware (both criminal and governmental) is developed and tested constantly, with governmental samples or at least ideas finding their way to criminals who further develop the packaging. The above linked document reports on certain malware versions; who knows, this may be history and the actual versions (maybe even some samples captured and modified by criminals also) penetrate CIS at will… I see way too much green in this table, there must be conceptual problems, such as protection of the MBR/BIOS or GPT/UEFI.

The challenge is very difficult: one has to protect the following system:

  1. hardware manufactured & assembled in China (=possibility for Chinese hardware trojans and pre-infected BIOS/firmware)
  2. hardware shipped around the globe (=access to all kind of organizations or even criminal groups)
  3. Windows written in the US, “customized” by the US-based OEM (HP, Dell, etc). = possibility for American malware.
  4. Last but not least, there are the known/unknown security holes in the system and the applications.

The average Jill & Joe, trapped in the war between three-letter organizations from different countries might not be affected, but imagine you are buying notebooks for an embassy in DC or Beijing, how should you proceed? E.g. is there a way to check the BIOS/BIOS updates from the OEMs for security?

The challenge is very difficult: one has to protect the following system: 1. hardware manufactured & assembled in China (=possibility for Chinese hardware trojans and pre-infected BIOS/firmware) 2. hardware shipped around the globe (=access to all kind of organizations or even criminal groups) 3. Windows written in the US, "customized" by the US-based OEM (HP, Dell, etc). = possibility for American malware. 4. Last but not least, there are the known/unknown security holes in the system and the applications.
If you follow this link below they have some cool articles about stuff like that. https://cryptostorm.org/viewforum.php?f=25
penetrate CIS at will
Hahahaha, that sounds very very expensive >:-D

Well, I heard that the Seeker and carrier for Stuxnet was either programmed by the manufacturer into the BIOS (for intelligence agencies) or it did just infect the BIOS. This new type of threat is likely much harder to catch.