Posts Tagged "fwkums"


SigFree Cerberus security software yields outstanding benefits

SigFree Cerberus v1.0 test results, including zero day malware testing, have just been released. Testing shows that Cerberus can detect malware and provides benefits to the user where other security software solutions cannot.

Tests using real life, zero day malware will tell whether security software provides benefits or not. DayZero Systems has just released testing performed during the final stages of development of SigFree Cerberus v1.0.

The conclusion is very clear. SigFree Cerberus found malware when other security software solutions could not. Cerberus delivers on its benefits.

SigFree Cerberus provides zero day protection against worms and other similar self-propagating and self-mutating malware, including many viruses. Cerberus does not require known signatures, so detection can occur before malware spreads and causes costly damage, and before the malware steals personal information or uses system resources as part of a bot network.

A range of results were blogged recently. See a short summary at http://blog.dayzerosystems.com/2014/11/05/benefits/. This included two real life zero day events and one designed attack. There are links to more detailed reports. The designed attack was made with the popular test program, Metasploit, using the “sneaky attack” option.

The two real life malware examples are named fwkums and 5minut1. They are both infections that can install themselves simply by clicking on the wrong URL, image or email attachment.

The fwkums malware tested is a mutation of a prior infection. It’s very dangerous and can steal personal information as well as take over the computer. At the time of this test, only 9 of 53 other security software solutions could detect this new mutation, https://threatcenter.crdf.fr/?More&ID=418800&D=CRDF.Trojan.Spy-Generic.2557074387. SigFree Cerberus security software found the infection quickly.

The 5minut1 malware is an adaptive virus that behaves somewhat like a worm. It launches a full screen advertising window and can carry other payloads. By adaptive, we mean that it senses when an attempt is made to detect it and changes its behavior to try to evade detection. Since SigFree Cerberus does not require known signatures or behavior to detect the malware it targets, it found 5minut1 quickly. At the time, only 1 in 51 other malware detection software solutions could detect 5minut1, https://www.virustotal.com/en/file/12144360ede7a5fb8074e93e83d9e6cccad05148c2733ce5a7df46ee540952cb/analysis/1397402126/#additional-info.

The two above tests were successful. But testing of a security software solution like SigFree Cerberus is not complete without putting it up against “sneaky speed”.

Sneaky speed is often used to test networks. It challenges testers because it is designed to evade detection. It will change its behavior to avoid being found. But again, SigFree Cerberus found it quickly with its signature-free technology. Attempts at evasion are quickly thwarted by Cerberus.

The time has come for new thinking in internet security software and DayZero Systems is stepping up to the challenge. SigFree Cerberus v1.0 is the first in an arsenal of future signature-free applications to be released by DayZero Systems, the new leader in zero day threat protection. Cerberus does not protect systems from every type of malware. DayZero still recommends continued regular scans using Windows Security Essentials or, on Windows 8, use of Windows Defender.

SigFree Cerberus v1.0 comes with a free two week trial, just click: http://cerberus.dayzerosystems.com/download/. DayZero promotes safe computer use. After downloading, right-click on the file name in its folder, click Properties, and click the Digital Signatures tab. Checking the signature there confirms that the software comes from a trusted, certified source. The version 1.0 license is US$14.00 per computer on which it is installed, comes with all v1.0 upgrades, and is not time-limited. The license may be bought through Digital River by clicking http://cerberus.dayzerosystems.com/buynow-v1/.


fwkums – zero day testing of Cerberus

fwkums – This is a zero day test for Cerberus. This test demonstrates that Cerberus can find new zero day threats where others could not.

fwkums is a good example of Cerberus’ unique protection. Remember, when new threats are found, they may have been installed on many, many computers for a very long time. Sometimes, this period is only months. Sometimes, it has been years until the active threat has been identified.

This type of testing shows that Cerberus can find these very destructive threats long before other types of threat protection software. This is because Cerberus is signature-free.

We’re going to tell you the download site for fwkums. Why? It’s important in verifying that this was a new variant. This new variant carried and planted slightly different, but known, variants of a trojan and a virus. We’re going to replace some letters of the url with xxx in three places so it cannot be accidentally triggered, or copied and pasted in a browser: hohidukxxx.mizubasxxx.xxx/fwkums.

WARNING: fwkums and its payloads are very dangerous malware. They can steal your personal information, alter settings on your computer, and take control of your computer.

The fwkums testing was run on May 16, 2014. Original Virus Total data is not available directly but the French threat center CRDF listed fwkums as first added to the database on May 15, 2014 (click the figure below to go to the CRDF page).

[Figure: fwkums]

The CRDF Threat Center also retained a snapshot of Virus Total on May 15, 2014 showing that only 9 out of 53 security programs had definitions for this variant.

The download of fwkums.exe was not flagged by Microsoft Security Essentials. Immediately, the process ovtoso.exe is installed; it starts to scan and attempts to contact outside URLs. Microsoft Security Essentials also did not flag this install and did not detect this process's activity. However, on a reboot, early April 2014 variants of Trojan:WinNT/Necurs.A and PWS:Win32/Zbot.gen!GO are found and are also active. A Microsoft Security Essentials scan does later find these two files. Note that we mention only Microsoft because that is the only threat protection we checked. Remember again that it was not only Microsoft that did not find this particular variant upon installation: only 9 of 53 solutions were able to detect this variant at the time of this testing.

Keep in mind that if this variant was actually first installed on systems three months before this date, Cerberus would have still found it. No others would have been able to identify fwkums.

Cerberus contains fwkums activity through three contain-and-relax cycles. Fwkums significantly decreases its activity and the processes are not quarantined. If fwkums should restart its activity, Cerberus would contain it again. Even if fwkums changes its identity, we would still expect Cerberus to find it.

Cerberus detected the fwkums process when most other solutions could not!

To begin the download of your free two week trial of Cerberus, simply click http://cerberus.dayzerosystems.com/download/. License sales are exclusively through Digital River and you can go to their MyCommerce site to purchase a license by clicking on http://cerberus.dayzerosystems.com/buynow/.