Why does avast! not detect encrypted Brazilian trojans?

For years avast has not detected encrypted Brazilian viruses:


Avira AntiVir always detects (heuristics) this type of virus.

It is being detected, if you look at the newest scan of that file:


And other:


OK. That is not detected.
If you can get the file or have the file you can report it to Avast here: http://www.avast.com/contact-form.php

I am referring to heuristic.

Avira AntiVir always detects (heuristics) this type of virus.

I don't know why it is not detected, but avast's heuristics are not as good as Avira's.

But with DeepScreen which will be implemented in Avast 2014 this will get better. ;D

Here also missed: http://app.webinspector.com/public/reports/17049131
I get HTTP/1.0 404 Not Found
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 Sep 2013 21:00:12 GMT
Server: sffe
Content-Length: 937
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic

Error 404 (Not Found)!!1

404. That’s an error.

The requested URL /v2nH26 was not found on this server. That’s all we know.



As this was pointed out to me I will explain myself now.
That was the request and response via WebBug I got for that link you posted, I understand they go to VT results now.
Here avast misses detection: https://www.virustotal.com/en/file/5c4e38c52886fe40fbdd259c2cbef402ec0d751472d93244313af217fe1c195f/analysis/1378777119/
Well avast has some history of missing these detections, it is a known flaw.
Funny I found that your links to VT results cannot be resolved by WebBug and not by wepawet either.
This also includes/means that they are open to abuse as you see from my result.
The link you gave was not malicious in itself and resolved to normal VT results, but the format is insecure by nature and can be abused by malcreants,


And why do the analysts not improve the heuristics of avast!?

Well see here: https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/
and the detection here: http://f.virscan.org/fbvideoupdate9.1.exe.html
Answer to your question: they may not as yet have developed the special detection routine for this generic detection for unknown variants.
It is the runtime packer that is being missed. Hopefully the developers will catch up, or get the expertise via Zoner AV,


Because of this deficiency of avast!, many Brazilian PCs are being infected.

Viruses are spread via Facebook.

So avast! is called a sieve here in Brazil.


The heuristics and sandbox analysis of avast! have failed in this case.

This type of virus, once installed, is spread by pendrive and Facebook for theft of bank accounts.

Thousands of infections every day.


You can report the file to Avast via this form: http://www.avast.com/contact-form.php

Here avast detects: https://www.virustotal.com/en/file/5c4e38c52886fe40fbdd259c2cbef402ec0d751472d93244313af217fe1c195f/analysis/
Here you could check detection score of avast!: http://support.clean-mx.de/clean-mx/md5.php?CAT_QuickHeal=Worm.Gamarue
It is also the price you pay for avast's popularity in Brazil. Malcreants even disguise their malware as avast program: http://malwaretips.com/Thread-Banking-Trojan-posing-as-Avast-AV
In such a situation malcreants seek to go under the avast detection radar first and foremost, just because avast is so popular over there.
The slack detection on Brazilian Trojans was also mentioned several times by our former forum member and now avast team member, Tech,
who himself is native to that vast South American country…


But this is not detected: https://www.virustotal.com/en/file/063fac53d4241944322fdc864b034fa03f5547fb7a4d60f92934dc089e91bd2a/analysis/

Same as this backdoor bot: https://www.virustotal.com/en/file/88363986438da05abe038e776feef86281c8996e64f6b3d1761d16fa3f447320/analysis/
For yours see: http://v.virscan.org/Gen:Trojan.Heur.GM.01C0046420.html
A meagre detection rate: http://r.virscan.org/c9d8f689b6d5fa0c9958997915767899


That's not mine, that is the link which Henrique - RJ posted earlier. :wink:

The question is that the avast! heuristics need to detect installers compressed with a password.

This is to improve the avast! heuristics.

How can we awaken the developers of avast! to this?

You can share an idea on this page: https://feedback.avast.com/