fwkums – This is a zero-day test for Cerberus. This test demonstrates that Cerberus can find new zero-day threats where others could not.

fwkums is a good example of Cerberus’ unique protection. Remember, when new threats are found, they may have been installed on many, many computers for a very long time. Sometimes, this period is only months. Sometimes, it has been years until the active threat has been identified.

This type of testing shows that Cerberus can find these very destructive threats long before other types of threat protection software. This is because Cerberus is signature-free.

We’re going to tell you the download site for fwkums. Why? It’s important in verifying that this was a new variant. This new variant carried and planted slightly different, but known, variants of a trojan and a virus. We’re going to replace some letters of the URL with xxx in three places so it cannot be accidentally triggered, or copied and pasted into a browser: hohidukxxx.mizubasxxx.xxx/fwkums.

WARNING: fwkums and its payloads are very dangerous malware. They can steal your personal information, alter settings on your computer, and take control of your computer.

The fwkums testing was run on May 16, 2014. Original VirusTotal data is not available directly, but the French threat center CRDF listed fwkums as first added to the database on May 15, 2014 (click the figure below to go to the CRDF page).

[Figure: fwkums]

The CRDF Threat Center also retained a snapshot of VirusTotal on May 15, 2014 showing that only 9 out of 53 security programs had definitions for this variant.

The download of fwkums.exe was not flagged by Microsoft Security Essentials. Immediately, the process ovtoso.exe was installed and started to scan and attempt to contact outside URLs. Microsoft Security Essentials also did not flag this install and did not detect this process’s activity. However, on a reboot, early April 2014 variants of Trojan:WinNT/Necurs.A and PWS:Win32/Zbot.gen!GO were found and were also active. A Microsoft Security Essentials scan did later find these two files. Note that we mention only Microsoft because that is the only threat protection we checked. Remember again that it was not only Microsoft that did not find this particular variant upon installation. Only 9 of 53 solutions were able to detect this variant at the time of this testing.

Keep in mind that if this variant had actually first been installed on systems three months before this date, Cerberus would still have found it. No others would have been able to identify fwkums.

Cerberus contains fwkums activity through three contain-and-relax cycles. Fwkums significantly decreases its activity and the processes are not quarantined. If fwkums should restart its activity, Cerberus would contain it again. Even if fwkums changes its identity, we would still expect Cerberus to find it.

Cerberus detected the fwkums process when most other solutions could not!

To begin the download of your free two week trial of Cerberus, simply click http://cerberus.dayzerosystems.com/download/. License sales are exclusively through Digital River and you can go to their MyCommerce site to purchase a license by clicking on http://cerberus.dayzerosystems.com/buynow/.