Category Archives: Security News

On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results. Posts in this category might be written by externals and students. If you find some interesting news, please let us know!

Malware in the media – May’s lesson


Month after month, our Real-World Protection Tests show an increase in ransomware prevalence. For people following the security industry, this is no surprise, since many security vendors (e.g. Adaware and Avast) have been predicting this.

The “star” of this month’s media attention was WannaCry. The high media coverage was caused not only by its massive outbreak in over 150 countries in a few days (according to CrowdStrike), but also because it has all the elements of an exciting 007 movie: a plot with a national security agency causing the problem (Emsisoft: “WannaCry outbreak caused by NSA exploits”); a conspiracy theory with an evil organization (The Shadow Brokers), possibly connected to a rogue nation (Symantec: “WannaCry attack shows strong links with North Korean Lazarus Group”); and a young hero (22-year-old Marcus Hutchins, AKA MalwareTech) saving the world from further damage by activating the built-in kill switch through the quick registration of an internet domain name.

Despite all the media attention, it was not WannaCry but the Jaff ransomware that affected the most victims in May (eScan: “Ransomware variants vying for top slot”). Jaff ransomware is often delivered through spam emails containing a PDF attachment. When the attachment is opened, an embedded Word document with macros is started. If the user ignores the macro warning and lets the macros run, a copy of the actual ransomware is downloaded and executed.

Safe computing habits and an updated system with an antivirus program will protect against most ransomware attacks. The infection statistics for the recent WannaCry outbreak clearly illustrate the importance of an updated security product and operating system. Contrary to initial belief, it was not Windows XP but Windows 7 systems that were worst hit by the WannaCry ransomware (98% of cases, according to Kaspersky Lab’s Costin Raiu).

Whilst Microsoft’s inclusion of basic antivirus protection in Windows 8.1 and 10 is in principle commendable, there are a couple of areas of possible concern which should be noted. Firstly, the same name (Windows Defender) is used for the antispyware-only program in Windows 7 as for the full antimalware program in Windows 8.1/10; some security researchers think that security-unaware PC users may believe their Windows 7 systems are fully protected without additional antivirus software, which they are not. Secondly, as ESET points out (based on Microsoft data), a monoculture of security software would make far more systems vulnerable, as attackers would only have to work out how to bypass a single antivirus program.

Proactive protection against the WannaCry ransomware (not the exploit)


The WannaCry ransomware has been a major news story over the last few days. It has infected hundreds of thousands of computers worldwide (mostly in Russia), including some well-known companies and institutions. All the programs in our public Main Test Series now detect the WannaCry malware samples by means of signatures, but we decided to find out which of these programs would have blocked the malware sample (not the exploit) proactively, i.e. before the outbreak started and the malware samples became known. We ran a proactive protection test, i.e. we used vulnerable Windows 7 systems with definitions prior to May 12th. A WannaCry malware sample was then executed on offline systems. The list below shows which of the tested programs would have protected the system, and which did not.

Product: Result
Adaware Pro Security: Protected
Avast Free Antivirus: Protected
AVG Free Antivirus: Protected
AVIRA Antivirus Pro: Protected
Bitdefender Internet Security: Protected
BullGuard Internet Security: Protected
CrowdStrike Falcon Prevent: Protected
Emsisoft Anti-Malware: Protected
eScan Corporate 360: Protected
F-Secure SAFE: Protected
Fortinet FortiClient: Not protected
Kaspersky Internet Security: Protected
McAfee Internet Security: Not protected
Microsoft Security Essentials: Not protected
Panda Free Antivirus: Protected
Seqrite Endpoint Security: Protected
Tencent PC Manager: Protected
Symantec Norton Security: Protected
Trend Micro Internet Security: Protected
VIPRE Advanced Security for Home: Protected

As can be seen above, a majority of these products protected against this ransomware, but over 200,000 systems worldwide were compromised by it nonetheless. New variants might appear, and results for the next outbreak could look different. Users are advised to keep their systems patched, enable AV protection (i.e. do not disable features) and keep it up-to-date, as well as practising safe computing.

* This test only looked at whether the ransomware part (the WannaCry ransomware itself) would have been blocked.

ESET (removed from the table above) would like to point out that their network protection module has detected the exploit/spreading part (EternalBlue exploit) – and therefore protected users – since April 25th.

This blog post was updated on May 18th.

Introducing AV-Comparatives’ Malware Protection Test


The Malware Protection Test is an enhancement of the File Detection Test which we performed in previous years. It assesses a security program’s ability to protect a system against infection by malicious files; what is unique about this test is that in addition to checking detection in scans, it additionally assesses each program’s last line of defence. Any samples that have not been detected e.g. on-access are executed on the test system, with Internet/cloud access available, to allow features such as behavioural protection to come into play.


Sample quality for the Malware Protection Test


The test set for the Malware Protection Test consisted of about 38,000 samples. As we only use samples that have been analysed by our own in-house automated sandboxes, the quality of our sets is very high. Unlike some other testers, we only use malware in our tests, and do not include PUAs or other controversial software. What is malicious and what is “potentially unwanted” is sometimes debatable. We welcome feedback from vendors; however, the decision as to whether something can or cannot be classified as malware is ultimately up to us, even if our decisions may sometimes be regarded as imperfect.


Hacking Smart Lock Security


Case Study: Hacking Smart Lock Security – NewSky Security

Exponential growth of smart technology and Bluetooth Smart

With the booming of the Internet of Things (IoT), Bluetooth Smart, or Bluetooth v4.0 (aka Low Energy or BLE), has played an increasing role in technology adoption. According to Bluetooth SIG, the global market is expected to reach 1.2 billion Bluetooth Smart devices and 2.7 billion Bluetooth Smart…

Schneier on Testing…



Not, I hasten to add, on anti-malware testing, on this occasion. And since I’m not a subscriber to the Cult of Schneier – certainly when he pontificates on the shortcomings of the anti-malware industry – I would have examined any thoughts he had expressed on that specific topic with enough salt to hand for several large pinches….