Gpcode AK

Can someone from Avast tell me if Avast 4.8 will protect me against the dangerous Gpcode ak virus?
See: http://www.viruslist.com/en/alerts?alertid=203996088

Bump…


Bump 2 …


not yet

the virus has been analysed already… it’s written in delphi and uses MS crypto api, no own crypto implementation… all files which we got seemed to be byte-to-byte equal… the detection will be released very soon :wink:

Hm, but don’t you think it’s been taking too long for malware of such scale and possible later complications if user does get infected?
If not for anything else it should be added quickly because of all the publicity floating around concerning this malware…

http://www.avast.com/eng/vps_history.html - latest VPS update should cover the new Gpcode variant…

RejZoR: do you believe, that the relevancy is proportional to the publicity? if you wanna know how many files arrived at our viruslab, i can tell you the magic number - it’s two (and both were the same)… i don’t know the number of infected ppl until this VPS update, but i think the whole thing about the Gpcode is a piece of puff…

Well, then one out of those two was from me…
It may be a load of puff, but tell that to a customer that will get nailed by that thing and is using avast!. Now that’s bad publicity, because there was a lot of talking about that malware. People make much less of a deal if AV misses some misc malware, than some which was in every news… I mean you earn your daily bread with AV right? Why don’t you guys do it like all others?
Show it big that you detect something that’s on all news sites, show users that you care (even if you don’t lol) and ppl will automatically trust you more. And that’s something you need the most in AV world…

Maxx, what bores us is corporatism… Why does avast have to be always the last one… Last week I got an infected computer… check the file against virustotal and AVG, BitDefender, Avira, NOD32… all detect except avast… How can I convince my friends about avast solution? ???
The real viruses are what count to me and avast is failing on detection from time to time…

RejZoR: we’re just doing our job without any massive PR rumour… the detection of flash exploit was added immediately when A. Marx reported it to us… same with rustock, without any “offensive” PR… we could put a message to our website and use your strategy to make avast “better”, but all about this is a question for our managers and web admin, not for virus analysts / programmers… we’ve discussed it a bit, but there’s no final decision afaik…

Tech: i understand what you mean… you gave an example and it’s true… but i can give you examples of widespread malware detected only by avast… few samples are not detected, thousands are detected… i know you’re not happy that the few samples are yours, but i don’t know if the situation can be solved systematically… we’re adding detections for ITW malware with bigger priority, your samples will be detected sooner or later, but i can’t tell you when… we’ve made a few changes to our internal samples storage system and it means a delay at the beginning, kubecj could tell you more via PM…

Maxx, thanks… you’ve got my mind.
Shouldn’t we find another way to add signatures and not wait for samples… what it means, a heuristic method or zero-day protection?

Indeed, we’re not happy when the few samples are ours.
It’s not being easy to convince an IT guy to buy 80 licenses of the avast Advanced Suite as they know the avast detection rate… I can lie to him, I can’t make promises to him… simple as that. What can I do?

Thanks everybody for your participation on this :wink:
I like Avast and i hope that Avast will do more on early detection in the future.

I like Avast and i hope that Avast will do more on early detection in the future.
I second that statement. We need earlier detection and fewer false positives.

so reading between all the lines above, does this mean that Avast hasn’t done a VPS update yet to cover GPcode.AK???!

the detection was added with the 80611-1 version of VPS…

Thanks Maxx… hope you can improve the speed in the near future… at least 6 days is too much.