Posts Tagged "SigFree"


Image Files Containing Malicious Code

The future of online attacks. But SigFree tech exists that can defeat this now.

Saumil Shah has developed the stegosploit tool to show how malicious JavaScript code can be embedded in and run from an image file. The user need only open the image file for the malicious code to execute.

[Image: image file contains executable malware]

Security Affairs published a report on Shah’s work and obtained the following quote from Shah:

[Image: Image file vulnerability]

But DayZero’s SigFree technology already has the ability to detect malicious code hidden in image and other types of files.

SigFree Code Abstraction detects executable code in any type of file or data stream. Our proprietary technology quickly parses all possible code sequences and easily discards paths that cannot be executed. In the end, SigFree code abstraction delivers only the executable code that does not belong in that image file or data stream.

SigFree Stealth defeats any attempt by the malware to disguise itself. Even if the malware morphs, SigFree Stealth will uncover it so the executable path can be found. This includes attempts at polymorphism, encryption, metamorphism and self-modification.
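As an added illustration of the kind of check a scanner can make on an image file, here is a simple PowerShell heuristic. It is not SigFree's code abstraction or any DayZero code, and it is much narrower: it flags only bytes appended after the PNG or JPEG end marker and script-like text inside the file, so it would miss a payload encoded in pixel data. The function names and the sample images are constructed for this example.

```powershell
# Added example, not DayZero code: flag content that does not belong in a PNG or JPEG.
# Two heuristics only: data appended after the format's end marker, and script markers
# anywhere in the file. Payloads hidden in pixel data are out of scope for this check.

function Find-LastSequence {
    param([byte[]] $Haystack, [byte[]] $Needle)
    # Scan backwards so the *last* occurrence is found (a payload could contain a fake marker)
    for ($i = $Haystack.Length - $Needle.Length; $i -ge 0; $i--) {
        $match = $true
        for ($j = 0; $j -lt $Needle.Length; $j++) {
            if ($Haystack[$i + $j] -ne $Needle[$j]) { $match = $false; break }
        }
        if ($match) { return $i }
    }
    return -1
}

function Test-ImageForForeignContent {
    param([Parameter(Mandatory)] [byte[]] $Bytes, [string] $Name = 'image')

    $findings = New-Object System.Collections.Generic.List[string]
    $payloadStart = -1   # index of the first byte after the real image, once known

    if ($Bytes.Length -ge 8 -and $Bytes[0] -eq 0x89 -and $Bytes[1] -eq 0x50 -and $Bytes[2] -eq 0x4E -and $Bytes[3] -eq 0x47) {
        # PNG: the file ends with the IEND chunk = 4-byte length (0) + "IEND" + 4-byte CRC
        $idx = Find-LastSequence -Haystack $Bytes -Needle ([System.Text.Encoding]::ASCII.GetBytes('IEND'))
        if ($idx -ge 0) { $payloadStart = $idx + 8 }
    }
    elseif ($Bytes.Length -ge 2 -and $Bytes[0] -eq 0xFF -and $Bytes[1] -eq 0xD8) {
        # JPEG: the file ends with the EOI marker FF D9
        $idx = Find-LastSequence -Haystack $Bytes -Needle ([byte[]](0xFF, 0xD9))
        if ($idx -ge 0) { $payloadStart = $idx + 2 }
    }
    else {
        $findings.Add('unrecognised or missing image header')
    }

    if ($payloadStart -ge 0 -and $payloadStart -lt $Bytes.Length) {
        $findings.Add("$($Bytes.Length - $payloadStart) bytes appended after the image end marker")
    }

    # Script markers have no business in an image, wherever they sit in the file
    $text = [System.Text.Encoding]::ASCII.GetString($Bytes)
    foreach ($marker in @('<script', 'eval(', 'document.', 'String.fromCharCode')) {
        if ($text.IndexOf($marker, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings.Add("script marker '$marker' present")
        }
    }

    [pscustomobject]@{ Name = $Name; Suspicious = ($findings.Count -gt 0); Findings = $findings.ToArray() }
}

# Constructed samples: a minimal PNG (signature + IEND chunk) with and without appended script
$ascii      = [System.Text.Encoding]::ASCII
$pngHeader  = [byte[]](0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A)
$iendChunk  = [byte[]]((0, 0, 0, 0) + $ascii.GetBytes('IEND') + (0xAE, 0x42, 0x60, 0x82))
$cleanPng   = [byte[]]($pngHeader + $iendChunk)
$taintedPng = [byte[]]($cleanPng + $ascii.GetBytes('<script>eval("payload")</script>'))

Test-ImageForForeignContent -Bytes $cleanPng   -Name 'clean.png'   | Format-List
Test-ImageForForeignContent -Bytes $taintedPng -Name 'tainted.png' | Format-List
```

The clean sample produces no findings; the tainted one reports the appended bytes and the script markers it contains. To run the check over real files, read them with `[System.IO.File]::ReadAllBytes($path)` and pass the result as `-Bytes`.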

These particular technologies are not yet released in a production product, but will be soon. Testing has been highly effective, with zero false negatives and near-zero (about 0.0027%) false positives. We are working on optimizing speed for data streams with a large amount of image, video and Flash files.

Come visit us at DayZero.

Please Note – Images courtesy of Saumil Shah and Pierluigi Paganini.

Exploit Kits and You – Not a Love Story

Exploit Kits: A Fast Growing Threat

Exploit kits are internet hit and run incidents about to happen. They are waiting for you to cross their section of the highway. When you do, they run over you. You will never know what happened.

Exploit kit note: This post is largely taken from the article “Exploit Kits: A Fast Growing Threat”, which was published on the Malwarebytes Unpacked blog. At the end, we also provide the helpful infographic that was published with the original article.

Exploit kits can do damage. You need to know they exist. That way, you will know the measures you must take to stay safe. We hope to impress upon you:

  • what an exploit kit is and what it does
  • how to avoid exploit kits
  • why you need added zero day protection, not only your antivirus and antimalware software
  • why you should install SigFree Cerberus (download here) to add this protection
    Exploit kits take advantage of vulnerabilities in programs. They focus on programs that are widely used, such as browsers, Flash and others.

    The exploit kit is stored on hidden websites. You will not realize you were sent there. Malware is planted on well-used websites that are trusted, sometimes inside an advertisement. You don’t need to click on anything. The malware secretly directs you to the hidden URL in the background; no new browser window is opened. Software on the site analyzes your system for installed programs and looks for known vulnerabilities. Then it decides which exploit kit in its arsenal to plant on your system.

    This is why exploit kits are so dangerous. You will never know that one has been planted on your computer until it is too late. You can avoid them to some degree by careful browsing. However, the redirect malware can often be planted on normally safe websites.

    Further, the exploit kits are modified often, so normal antimalware and antivirus software is not very useful. These depend on signatures. When the malware or the kits change, the signature also changes. This is why you need supplemental zero day protection. The very best zero day protection comes from DayZero Systems. DayZero security software does not rely on signatures as others do.

    Please install DayZero’s SigFree Cerberus. You can download a two-week free trial here.

    Cerberus is completely signature-free. Malware cannot hide from it. Cerberus gives you several layers of protection. In many cases, Cerberus will prevent the malware from sending you to the hidden site. It can also refuse the receipt of the exploit kit into your computer. Finally, even should the exploit kit somehow be planted on your computer, Cerberus can prevent it from stealing information from you. Or from using your computer in a bot network.

    Try DayZero’s SigFree Cerberus now, for free.

    Please browse the following infographic. You will be amazed at what you can learn from it.
     
    [Image: exploit kit infographic]

    Sony – North Korea or possibly an insider?

    Sony has been a constant news item. Many insist Sony was breached by North Korea. They had the motive, so many say. But does the evidence point to North Korea? Are they the only ones with motive? Or was this more likely the work of an insider? And what are we doing about preventing the next such breach?

    The Sony breach seemed to be tied up securely by the forensics experts very early. It was declared an unprecedented breach by an organized group that could not have been caught by antivirus engines. It was declared that it had to be North Korea or a country acting on behalf of North Korea.

    [Image: sony] From the Business Insider article referenced here.
    To quote, “The malware was undetectable by industry standard antivirus software”.
    “The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

    But is this an accurate description of the Sony attack?

    What is ‘detectable by industry standard antivirus software’? Not much. Very likely, not the Sony attack. Traditional antivirus software, even if using behavioral techniques, requires signatures. It needs to have seen the attack or the malware previously. No targeted attack as described in the Sony case should be expected to be caught by ‘industry standard antivirus software’.

    That is where zero day security software such as DayZero’s SigFree Cerberus comes into play. This type of security software does not rely on signatures. It does not require that the attack have been seen and analyzed before. Security software such as SigFree Cerberus is true zero day protection. In Cerberus’ case, it is designed to find malware planted on a computer and trying to send out private information without permission.

    A free trial copy of SigFree Cerberus may be downloaded from http://cerberus.dayzerosystems.com/download/.

    Some investigators refuse to imagine any attacker of Sony other than North Korea. They cite not only the Sony film, and the stolen and released private information. They also mention the internal damage done. But this is in fact often the fingerprint of a disgruntled insider or insiders. The latest speculation is that the Sony attack was actually the work of a series of attackers. And suspect insiders, past Sony employees for the most part, have been identified.

    Keep in mind that year after year, approximately half of all data breaches are either committed by insiders or otherwise due to human error, in addition to human induced security flaws.

    But what are we doing to prevent the next Sony type attack? Will anyone wake up and accept that our current software security methods are inadequate? Will anyone start to embrace new technology for true zero day protection?

    AnyURL.com featuring Cerberus this week

    AnyURL – leading online reseller AnyURL.com has made SigFree Cerberus one of its top three featured applications for this week!

    SigFree Cerberus is one of the three top applications being featured at AnyURL.com this week. AnyURL is a leading online reseller of a wide variety of software applications.

    If you do not immediately see Cerberus on the AnyURL.com home page, you can find it on its dedicated page at http://www.airyurl.com/dayzero-systems-sigfree-cerberus-v1-license/.

    To go to the SigFree Cerberus page on AnyURL.com, just click on the AnyURL image below:
    [Image: AnyURL]

    Testing shows that Cerberus can detect zero day malware. It provides benefits to users that other security software solutions cannot.

    Tests using real life, zero day malware can show whether security software provides benefits or not. DayZero Systems has just released testing performed during the final stages of development of SigFree Cerberus v1.0.

    The conclusion is very clear. SigFree Cerberus found malware when other security software solutions could not. Cerberus delivers on its benefits.

    SigFree Cerberus provides zero day protection against worms and other similar self-propagating and self-mutating malware. This includes many viruses. Cerberus does not need known signatures, so detection can occur before malware spreads and causes costly damage, and before it steals personal information or uses your system resources as part of a bot network.

    A range of results were blogged recently. See a short summary at http://blog.dayzerosystems.com/2014/11/05/benefits/. This included two real life zero day events and one designed attack. There are links to more detailed reports. The designed attack was made with the popular test program, Metasploit, using the “sneaky attack” option.

    The time has come for new thinking in internet security software. DayZero Systems is the first to step up to the challenge. The word is getting out quickly through leading online sellers like AnyURL.com. SigFree Cerberus v1.0 is the first in an arsenal of future signature-free applications to be released by DayZero Systems, the new leader in zero day threat protection. Cerberus does not protect systems from every type of malware. DayZero still recommends continued regular scans using Windows Security Essentials or, on Windows 8, use of Windows Defender.

    SigFree Cerberus v1.0 comes with a free two-week trial. On AnyURL.com, just click: http://www.airyurl.com/dayzero-systems-sigfree-cerberus-v1-license/. DayZero promotes safe computer use. After downloading, right-click on the file name in its folder, click Properties, and click the Digital Signatures tab. This lets you confirm that the software comes from a trusted, certified source. The version 1.0 license is US$14.00 per computer on which it is installed, comes with all v1.0 upgrades, and is not time-limited. The license may be bought on the same AnyURL.com page.

    [Image: security software]

    Code emulation and sandboxing are dead

    Code emulation and sandboxing are dead. Or they soon will be. At least as so-called zero day and real-time threat protection techniques.

    Today’s threat protection is by its nature signature based. This means that the malware must first be discovered. This can only be after it has been in place for months or years. While undetected, the malware has created losses to users. These losses range from lower computer performance to loss of personal and confidential information.

    Only after the malware is discovered can the signature be defined. But malware writers have a very simple solution. Once their malware is discovered, they change it slightly and spread the infection again. The original signature cannot find it. Or, better, the malware writers build self-mutation into their malware. It modifies itself. While everyone thinks they’ve caught the bugger, the mutation goes on its merry way. It spreads itself until found. Then another mutation. And the vicious circle continues. Current day software security remains lodged firmly in the past.

    Enter heuristics and behavioral techniques coupled with two other tools, the sandbox and code emulation.

    Not having real zero day tools but being faced with zero day threats continuously, threat protection has evolved by attaching a band-aid.

    Software security vendors try to model the behavior of common threats such as viruses and worms. They have tried to use these models to predict when code might be malware. They have no way of knowing it’s malware but they take their best stab. So, the code that is flagged is a suspect. To decide whether the suspect is malware, there are two main avenues:

  • either the behavior is linked to a subset of the 800,000 signatures they have downloaded to your computer and they try to make a match, or
  • they use a sandbox and code emulation to execute the suspect in a safe environment. In this way, they decide the purpose of the suspect code.

    But this method has inherent weaknesses. First, the behavior models and heuristics are akin to predicting what you will have for supper by analyzing what you had for breakfast. And these are not true zero day approaches to malware detection or threat protection. Further:

  • many times, the default still relies on matching the suspect to a signature. In this case, any effort to avoid signature-based detection is thwarted.
  • code emulation in the sandbox takes precious time and delays the data stream. This is a very inefficient attempt at zero day protection.
  • it’s easy for the malware writer to fool the code emulator. This may result in no determination of whether it poses danger or not. Some software security vendors have resorted to simply declaring the suspect malware based on whether it has been seen before. These so-called “reputation” scores are fundamentally baseless.
  • Most important, it is very easy for a malware writer to program their malware to bypass the code emulator.

    The last is a very interesting topic in itself. Kyle Adams of Juniper Networks successfully bypassed an anti-virus product using code emulation with what he described as very simple JavaScript. In August, Adams’ work was summed up:

    “With his own custom malware, the source code of the malware is effectively hidden from the AVG scanner, and Adams said he could do whatever he wanted. Since the scanner didn’t know about the malware, it couldn’t log it either.” Quoting Adams: “Pretty much the way any AV works is it looks at the file before you run it,” Adams said. “They are trying to judge whether the file itself is going to be malicious.”

    So, code emulation and sandbox use are not zero day techniques. They are extensions of the basic signature definition technique but are highly vulnerable, make the anti-virus program itself a tool to be exploited, and are fraught with error and time delay.

    Adams’ work was also summed up in Dark Reading: “His research shows that code emulation and sandboxing aren’t really working anymore. ‘Now you can start to attack code emulators and sandboxes’ themselves. At least 10% of attacks are attempting this today.”

    The trends in the mainstream security software technology development continue in the wrong direction.

    DayZero Systems has developed zero day malware detection toolkits that it is just starting to deploy. Take a look at the DayZero technology portfolio at http://www.dayzerosystems.com/#technologies.


    CNET now carries the Cerberus v1.0 download

    In addition to our site, Digital River MyCommerce, and Digital River’s affiliate sites, you are now able to download DayZero’s SigFree Cerberus v1.0 trial copy from CNET. This gives you additional bandwidth should one of the other sources be inundated. It is also a confirmation by CNET of the safety of our download.

    Remember, the download is a fully functional program that provides you with a two week free trial of Cerberus. During or after that period, you can decide whether to buy or not. To buy, you can simply open the Cerberus UI on your own screen and click License in the bottom left. This will show the purchase link. You can also find Purchase links on our website at http://cerberus.dayzerosystems.com/.

    You will start to see the CNET download links on some of our help pages and very soon elsewhere on our site. The CNET download page is available at http://download.cnet.com/DayZero-Systems-SigFree-Cerberus/3000-2239_4-76200909.html?part=dl-&subj=dl&tag=button.

    But you can now find the following CNET download button on some of our help pages which will take you to this link (we’ll give some tips below for when you get there).

    [Image: “Get it from CNET Download.com!” button]

    CNET tracks all the latest consumer technology breakthroughs and shows you what’s new, what matters, and how technology can enrich your life. We give you the information, tools, and advice that will help you decide what to buy and how to get the most out of the tech in your life.

    Each month, millions of people come to CNET to:

  • Read the latest technology news and unbiased product reviews
  • Find the products that are right for them
  • Watch videos that demystify technology and show off the hot new thing
  • Learn how to get the most out of the technology they have
  • Download software, mobile apps, and games
  • Post opinions about the technology and the consumer electronics they live with every day
    CNET is part of CBS Interactive. Download.com is CNET’s site for their selected downloads. In CNET’s words “Download.com is the place where people go to discover free-to-try legal downloads.”

    When downloading from CNET, be aware that there will also be ads for other suggested downloads. Download from the button directly below the words “Welcome DayZero Systems SigFree Cerberus users”.

    See below for the correct download link for SigFree Cerberus. Download, install and enjoy. And don’t forget to make use of our Help section and search buttons should you have any questions. They are very thorough.

    [Image: “Get it from CNET Download.com!” button, CNET Welcomes DayZero Systems SigFree Cerberus users]

    SigFree Cerberus security software yields outstanding benefits

    SigFree Cerberus v1.0 test results, including zero day malware testing, have just been released. Testing shows that Cerberus can detect malware and provides benefits to the user where other security software solutions cannot.

    Tests using real life, zero day malware will tell whether security software provides benefits or not. DayZero Systems has just released testing performed during the final stages of development of SigFree Cerberus v1.0.

    The conclusion is very clear. SigFree Cerberus found malware when other security software solutions could not. Cerberus delivers on its benefits.

    SigFree Cerberus provides zero day protection against worms and other similar self-propagating and self-mutating malware, including many viruses. Cerberus does not require known signatures, so detection can occur before malware spreads and causes costly damage, and before the malware steals personal information or uses system resources as part of a bot network.

    A range of results were blogged recently. See a short summary at http://blog.dayzerosystems.com/2014/11/05/benefits/. This included two real life zero day events and one designed attack. There are links to more detailed reports. The designed attack was made with the popular test program, Metasploit, using the “sneaky attack” option.

    The two real life malware examples are named fwkums and 5minut1. They are both infections that can install themselves simply by clicking on the wrong URL, image or email attachment.

    The fwkums malware tested is a mutation of a prior infection. It’s very dangerous and can steal personal information as well as take over the computer. At the time of this test, only 9 of 53 other security software solutions could detect this new mutation (see https://threatcenter.crdf.fr/?More&ID=418800&D=CRDF.Trojan.Spy-Generic.2557074387). SigFree Cerberus security software found the infection quickly.

    The 5minut1 malware is an adaptive virus that behaves somewhat like a worm. It launches a full-screen advertising window and can carry other payloads. By adaptive, we mean it senses when an attempt is made to detect it and changes its behavior to try to evade detection. Since SigFree Cerberus does not require known signatures or behavior to detect the malware it targets, it found 5minut1 quickly. At the time, only 1 in 51 other malware detection software solutions could detect 5minut1 (see https://www.virustotal.com/en/file/12144360ede7a5fb8074e93e83d9e6cccad05148c2733ce5a7df46ee540952cb/analysis/1397402126/#additional-info).

    The two above tests were successful. But testing of a security software solution like SigFree Cerberus is not complete without putting it up against “sneaky speed”.

    Sneaky speed is often used to test networks. It challenges testers because it is designed to evade detection. It will change its behavior to avoid being found. But again, SigFree Cerberus found it quickly with its signature-free technology. Attempts at evasion are quickly thwarted by Cerberus.

    The time has come for new thinking in internet security software and DayZero Systems is stepping up to the challenge. SigFree Cerberus v1.0 is the first in an arsenal of future signature-free applications to be released by DayZero Systems, the new leader in zero day threat protection. Cerberus does not protect systems from every type of malware. DayZero still recommends continued regular scans using Windows Security Essentials or, on Windows 8, use of Windows Defender.

    SigFree Cerberus v1.0 comes with a free two-week trial, just click: http://cerberus.dayzerosystems.com/download/. DayZero promotes safe computer use. After downloading, right-click on the file name in its folder, click Properties, and click the Digital Signatures tab. This lets you confirm that the software comes from a trusted, certified source. The version 1.0 license is US$14.00 per computer on which it is installed, comes with all v1.0 upgrades, and is not time-limited. The license may be bought through Digital River by clicking http://cerberus.dayzerosystems.com/buynow-v1/.
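    The Properties > Digital Signatures check described above (here and in the AnyURL post earlier on this page), scripted in PowerShell as an added example. This is not DayZero code; it uses the built-in Get-AuthenticodeSignature and Get-FileHash cmdlets. The installer path and the expected signer name are placeholders, since the page does not state the certificate subject. Checking the signer name matters: a valid signature from an unrelated publisher proves only that someone signed the file, not that it is the product you expected.

```powershell
# Added example, not DayZero code: scripted equivalent of the Digital Signatures tab check.
# $installer and the expected subject fragment below are placeholders.

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSubjectFragment
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = 'file not found' }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Only Valid will do: NotSigned, HashMismatch (file altered after signing) and
    # NotTrusted / UnknownError (chain does not lead to a trusted root) all fail.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = "signature status $($sig.Status)" }
    }

    # A valid signature from the wrong publisher is still the wrong file: check who signed it
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSubjectFragment*") {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = "unexpected signer: $subject" }
    }

    [pscustomobject]@{
        Path   = $Path
        Ok     = $true
        Reason = "signed by $subject, certificate valid until $($sig.SignerCertificate.NotAfter.ToShortDateString())"
    }
}

$installer = 'C:\Users\Public\Downloads\sigfree-cerberus-setup.exe'   # placeholder path
$result = Test-InstallerSignature -Path $installer -ExpectedSubjectFragment 'DayZero Systems'   # placeholder subject
$result | Format-List

# The SHA-256 lets you compare the download against a hash published out of band,
# a second check that does not depend on the signing certificate at all.
if (Test-Path -LiteralPath $installer) {
    Get-FileHash -LiteralPath $installer -Algorithm SHA256 | Format-List Algorithm, Hash
}
```

    Run it before launching the installer; anything other than Ok = True with the signer you expect is a reason to discard the download and fetch it again from one of the official sources listed on this page.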

    [Image: security software]

    Benefits accrue to anyone who installs Cerberus

    Benefits! That is what everyone wants from any type of software. With Cerberus, some benefits are dramatically clear. Other benefits may be “behind the scenes”. But there is no question that everyone obtains benefits from SigFree Cerberus’s unique signature-free protection.

    Benefits of Cerberus were confirmed in testing during its final development stages. We already reported on testing of the malware 5minut1. Cerberus found this malware at a time when Virus Total reported that only 1 out of 51 virus engines were able to detect 5minut1. The figure below contains the link to Virus Total for 5minut1:
    [Image: benefits (link to the Virus Total report for 5minut1)]

    You can also read more about this test on our blog at “5minut1.exe – zero day testing of Cerberus”.

    We also reported on tests for fwkums. Fwkums is a very dangerous malware that can steal your personal information. It can also take control of your computer. At the time of our testing, only 9 out of 53 other detection engines could detect fwkums. You can also see that report on our blog at “fwkums – zero day testing of Cerberus”.

    These tests demonstrated the benefits of Cerberus very well. Without needing signatures as the other detection engines do, Cerberus found both quickly. Cerberus found these dangerous programs. Picture this. Those bugs could have been on computers for months or years. The other detection engines could not find them until they caused damage. Someone finally saw the problem and found the source. Then the other detection engines could define signatures. Or, they could model the specific behavior of these infections.

    But Cerberus needed none of that. Cerberus found these dangerous infections without knowing anything about them. Cerberus could have found them when they first gained entry to a computer! Those are the benefits of Cerberus!

    Both of the examples mentioned above were designed to be evasive. This particular fwkums infection was a mutation. The 5minut1 infection was adaptive. It changed its behavior as it ran to try to evade detection. Both were quickly detected and neutralized by Cerberus. No damage was done by either infection. And Cerberus did this without known signatures or behavior patterns of these particular infections.

    Another blog had three manufactured scenarios using the popular Metasploit tools. These also made Cerberus’ benefits clear. All three were reported in our blog “Metasploit port scanning target for Cerberus”. But one of the most thrilling was blogged in detail in “Sneaky speed – why you need SigFree Cerberus”.

    “Sneaky Speed” is a challenge. This scenario is adaptive to evade detection. Being adaptive, Sneaky Speed tests its boundaries. This way, it determines a threshold. It then scans below that threshold to avoid being detected. However, Cerberus detected and contained sneaky speed in only 125 milliseconds (0.125 seconds) after start of test. Nothing sneaky speed could do would convince Cerberus to let it go.

    This demonstrates the validity and benefits of Cerberus’ signature-free approach! We suggest you give the free two week trial a go. Links are below.

    To begin the download of your free two week trial of Cerberus, simply click http://cerberus.dayzerosystems.com/download/. Or you can find download links on our Landing Page. License sales are exclusively through Digital River and you can go to their MyCommerce site to buy a license by clicking on http://cerberus.dayzerosystems.com/buynow/.

    5minut1 – excellent zero day test of Cerberus

    5minut1.exe – This is an excellent example of a zero day test for Cerberus. This test demonstrates that Cerberus can find new zero day threats where others could not. In this case, only 1 of 51 threat protection solutions could detect this virus that acts somewhat like a worm. Cerberus detected 5minut1 immediately and controlled and then finally quarantined this bug!

    5minut1.exe is a good example of Cerberus’ unique protection. Remember, when new threats are found, they may have been installed on many, many computers for a very long time. Sometimes, this type of zero day malware is not only annoying like 5minut1 but, instead, very destructive. Sometimes, it has been years until the active threat has been identified.

    5minut1 has very interesting behavior as you will see below. This type of testing shows that Cerberus can find zero day malware long before other types of threat protection software. This is because Cerberus is signature-free.

    This testing was done on April 15, 2014. This is the same day this new variant was added to the VXVault:
    [Image: 5minut1]

    On April 13, 2014, Virus Total reported that only 1 of 51 internet security programs was able to detect 5minut1. When we tested, Microsoft Security Essentials did not identify this virus. Cerberus detected this new malware immediately!

    [Image: 5minut1]

    The effect of 5minut1 was to launch an unframed, full-screen Internet Explorer advertising page about every 3 minutes. These unframed, full-screen pages are annoying not only because of the advertising or objectionable material they contain; they also lack the customary close and minimize buttons. With this type of virus, one never knows whether something more dangerous is lurking while this full-screen window dominates your screen, or may be triggered if you try to get rid of the window.

    In this case, 5minut1 shows evidence of being self-mutating. Different variants seem to have been reported to different repositories. This complicates detecting this type of malware by traditional means. But it also highlights the importance of Cerberus which doesn’t care if the malware mutates. Cerberus will continue to find it!

    5minut1 attempted to stay below some threshold and was somewhat adaptive in an attempt to escape detection. However, Cerberus detected 5minut1 immediately. Because of the adaptive nature of 5minut1, Cerberus contained and then relaxed it 22 times before finally declaring it malicious and quarantining it. Cerberus suppressed the advertising payload every time, although 5minut1 continued launching a blank IE window until it was finally quarantined.

    All in all we consider this a resounding test of Cerberus’ unique capability and proof that it is a valuable addition to anyone’s internet security!

    To begin the download of your free two week trial of Cerberus, simply click http://cerberus.dayzerosystems.com/download/. License sales are exclusively through Digital River and you can go to their MyCommerce site to purchase a license by clicking on http://cerberus.dayzerosystems.com/buynow/.

    fwkums – zero day testing of Cerberus

    fwkums – This is a zero day test for Cerberus. This test demonstrates that Cerberus can find new zero day threats where others could not.

    fwkums is a good example of Cerberus’ unique protection. Remember, when new threats are found, they may have been installed on many, many computers for a very long time. Sometimes, this period is only months. Sometimes, it has been years until the active threat has been identified.

    This type of testing shows that Cerberus can find these very destructive threats long before other types of threat protection software. This is because Cerberus is signature-free.

    We’re going to tell you the download site for fwkums. Why? It’s important in verifying that this was a new variant. This new variant carried and planted slightly different, but known, variants of a trojan and a virus. We’re going to replace some letters of the url with xxx in three places so it cannot be accidentally triggered, or copied and pasted in a browser: hohidukxxx.mizubasxxx.xxx/fwkums.

    WARNING: fwkums and its payloads are very dangerous malware. They can steal your personal information, alter settings on your computer, and take control of your computer.

    The fwkums testing was run on May 16, 2014. Original Virus Total data is not available directly but the French threat center CRDF listed fwkums as first added to the database on May 15, 2014 (click the figure below to go to the CRDF page).
    [Image: fwkums (link to the CRDF page)]
    The CRDF Threat Center also retained a snapshot of Virus Total on May 15, 2014 showing that only 9 out of 53 security programs had definitions for this variant.

    The download of fwkums.exe was not flagged by Microsoft Security Essentials. Immediately, the process ovtoso.exe is installed, starts to scan and attempts to contact outside URLs. Microsoft Security Essentials also did not flag this install and did not detect this process’ activity. However, on a reboot, early April 2014 variants of Trojan:WinNT/Necurs.A and PWS:Win32/Zbot.gen!GO are found and are also active. A Microsoft Security Essentials scan does later find these two files. Note that we only mention Microsoft because that is the only threat protection we checked. Remember again that it was not only Microsoft that did not find this particular variant upon installation: only 9 of 53 solutions were able to detect this variant at the time of this testing.

    Keep in mind that if this variant was actually first installed on systems three months before this date, Cerberus would have still found it. No others would have been able to identify fwkums.

    Cerberus contains fwkums activity through three contain and relax cycles. Fwkums significantly decreases its activity and the processes are not quarantined. If fwkums should restart its activity, Cerberus would contain it again. Even if fwkums changes its identity, we would still expect Cerberus to find it.

    Cerberus detected the fwkums process when most other solutions could not!

    To begin the download of your free two week trial of Cerberus, simply click http://cerberus.dayzerosystems.com/download/. License sales are exclusively through Digital River and you can go to their MyCommerce site to purchase a license by clicking on http://cerberus.dayzerosystems.com/buynow/.