Avast not detect brazilian trojans steal?

Hello People.
In my tests with a good number of variants (10) of TROJAN.PWS.STEAL (this viruse copy and send brazilian bank password to thiefs)
Avast detect nothing.
Other antivirus (include the weak AVG) detect some viruses, and the top (f-secure, kav) detect 100%
I send the viruses to 1 months ago.
Avast in 1 months ago not added the variants!??
In brazilian foruns, peoples they claim of they will be infected or of the avast do not detect

See images and links to viruse:

Infection Sample:

Infection Mode
I received a false e-mail from symantec


http://img182.echo.cx/img182/782/trojanbancos15xy.th.jpg

F-Secure detected and stop viruse. I decided to stop f-secure service to make tests

http://img100.echo.cx/img100/2236/fsecuretrojan3ki.th.jpg

Multiscan

http://img248.echo.cx/img248/8153/trojanbancos27qs.th.jpg

Avast scan
This viruse i sended 1 month ago…

http://img98.echo.cx/img98/5401/trojanbancos32lr.th.jpg

Jotti Multiscan [color=#FF0000]

http://img209.echo.cx/img209/2765/jotti9ko.th.jpg

The weak Avg Detect…

The question its:
Why Avast its excelent to detect world viruses, but brazilian specific viruses not detect, and why nothing people add in database, a detection for viruse (i sended 1 month ago.)

Thank’s

It’s a shame, a shame, a shame :stuck_out_tongue:
I’ll blame against this until they heard us! Virus submission and VPS update are very poor, slow :stuck_out_tongue:
Co’mon! :frowning:

Hello,

I just gave up to send anything to Alwil as it is a waste of time… When they add theses files to the VPS, it will not be needed anymore, because theses trojan will not be more in circulation…

These specific threats (trojans bankers from Brazil), have a total different behavior from the rest of the threats… They usually dont survive more than a week before it gets modified and became a variant of it self… If the antivirus is not capable to update it self fast as the new variants coming, it will not protect you at all againts it… And I mean really at all…

I have a lot of samples of this kind of threat… I sent 3 samples, 4 days ago to grisoft… (The other samples are already detected by AVG). And guess what? All the 3 are now detected with the update available today… This kind of thing, makes me hunt malware to send to grisoft… Cause I know that my hobby (work) will not be an waste of time…

An study made by winco, said that the trojans production in Brazil grow up 1184% from the last year… And I ask… How to combat this massive attack? With fast updates… If it takes more than a week to add a single sample… Please… forget it… Dont need to add anymore…The damage was done and now theres a new variant running… the old one is out…

Please, I am not saying that avast sucks, or its inferior product compared to AVG (Its relative), no AV is perfect…I believe that Avast have the most complete set of features, good innovations and have everything to be in the Top… But its not just because the most important thing (Update virus database) is not take so serius as it should be… Or At least serious as other things in Avast… Like its features that are always created…

But AVG, works in other way… It doesnt have any extra features, just the basic… But takes too serious its database updates… Even being poor in features, its virus database can stop virus from infect your computer… Theres no point in have a lot of features like Avast have, if no feature have the signature to stop the virus… It will infect your computer anyway…

Its a mistake to think that AVG is weak in detection rate… Is far aways from the winners, but it is side by side with Avast…(Of course excluding the adwares that Avast gets and AVG nor even know what its means… :slight_smile: I mean just virus)

Thanks for reading…And I hope that Avast weak up and see that Virus Database is the most important thing in a Antivirus, and not its extra features… :slight_smile:

By the way, I like Avast!

Elminster

Hello Elminster and Octaiver Matt, i agree with you.

Hello People.
In my tests with a good number of variants (10) of TROJAN.PWS.STEAL (this viruse copy and send brazilian bank password to thiefs)
Avast detect nothing.
Other antivirus (include the weak AVG) detect some viruses, and the top (f-secure, kav) detect 100%
I send the viruses to 1 months ago.
Avast in 1 months ago not added the variants!??
In brazilian foruns, peoples they claim of they will be infected or of the avast do not detect

I think this behavior is happening for all countries in the world, not only for Brazil. Brazilians are suffering more, because when in the last year malware activities risen 300% in the world, in Brazil these rising was near 1200%. :cry:

I compare and saw a decrease in the number of additions in VPS updates, even more in this last month - http://www.avast.com/eng/vps_history.html. With “viral” activities increasing in the world, this is a contradition. Without signature updates, users won´t be safe and even the best antivirus will be useless. Today is extremelly important to an antivirus reacts a virus the more soon possible, because most virus spreading times in the internet is almost one week, not one month or two. :-\

One week is time enough for a password stealer easyly lower your economies to zero (and i ever know cases with avast installed :-[). Users can make a backup of their data, but not of their bank account. That´s make me consider password stealers VERY DANGEROUS, even more than “normal” virus type that appear in the Virus Bulletin samples.

So, PLEASE, PLEASE, don´t forget the VPS updates! Wake up Alwill!

Unfortunately i must agree that there “IS” real problem with speed of adding trojans, viruses and some malware into VPS …

I will just hope what Vlk told me is true and it will change and improve soon …

Hello,

What Vlk told you?

Thanks for your time,

Elminster

Viruses PWS.STEAL Variant JU (i sended 1 month ago this variant) In ACTION.

http://image-upload.org/images/ZFD3Gh.jpg

False site of Bank “CAIXA”.

http://image-upload.org/images/wIr2Re.jpg

Scaned process (svchost.scr in c:\windows)

It’s a pity but the history does not lye…

What’s up? :stuck_out_tongue:

And guess what…?

I colected more 3 variants of Brazilians trojan banker and sent last 08/05/2005 to Grisoft… Today, 10/05/2005, I received an email from Grisoft telling me that theses 3 new variant will be added in the next update…

The other 8 sample, that I sent in the last 10 or 15 days, were ALL added 2 updates ago… in the middle of the last week… It took like 2 or 3 days to each sample be added to AVG…

Why cant Avast do the same…? :frowning: Grisoft is small as well… :frowning:

Thanks for your time,

Elminster

Kaspersky, Bit Defender and F-secure Add in 6 - 12 hours after e-mail sent…

3 days from Grisoft its very slow

In 2004, i sent new viruses and Alwil reply-me faster (include a virus “bankfraud”) , in 6 hours…but today nothing… :cry:

Kaspersky added in 6 hours?

Holy God… Really fast!

I guess up to 5 days is “acceptable” (specially is its a small company and a free software), the ideal is up to 48hs… If it can be done faster… its better…

Thats my 2 cents,

Elminster

Some antivirus company not only find a way to detect these viruses, but they have to use some sort of formula to disinfect a virus to see that if the file can be repaired.

Hello guys!

Well, as I have patience and a good heart, :wink: , I sent 5 variants of brazilian trojan bankers to Avast today (13/05/2005)…
Lets see how many time Avast will take to add all of them…?

I hope that it dont tale too long… :slight_smile:

cross fingers

Thanks for your time,

Elminster

Ps–> Avg already added the 3 trojan bankers that I sent… :wink:

Avast detected PWS! 8)


http://img79.echo.cx/img79/3913/avastpws8xx.th.jpg

Why send it to AVG? You should send the infected file to your own Antivirus company so that we may be one step ahead of the others. 8)

Hello,

Actually I dont defend a specific antivirus… I defend a good product… :slight_smile:

Avast and AVG are the ones that I trust, so I help them… :slight_smile:

Today I collected other 6 of this trojans… I will send to Avast and AVG soon… :slight_smile:

Thanks,

Elminster

I understand, glad you help avast! to find virus faster. ;D

Updating this topic,

Yesterday, 16/05/2004, Avast added one of the 5 trojans that I sent… :frowning:
Today, it added the other 4 that were missing… :slight_smile:

Hmmm… Took like 4 days to get it in the Vps… Not so bad… :slight_smile:

I guess I will send the other 10 that I have… :slight_smile:

Thanks Avast! Good Job!

Elminster

Very interesting, Se have found out those of Panda

Thanks for helping us to be even more protected 8)