IT Security News

VirusTotal adds the "Baidu, Bkav, CMC" engines + Zemana AntiLogger!!

by 잡다한 처리, September 21, 2013


VirusTotal, the world-renowned multi-engine AV scanning site, has newly added the "Baidu, Bkav, CMC" engines and a "Zemana AntiLogger metadata" feature.

Details can be found at the links below.
 
1) The Baidu engine is the international edition of the product; as everyone knows, it is China's leading antivirus.
- Read the original VirusTotal blog post:

We welcome Baidu International as a new engine working at VirusTotal. In the words of the antivirus company:

"Baidu international antivirus engine innovated original ultrafast cloud security technology. We established a huge Black-White sample list system. By aligning the client software on the user's computer with servers in Baidu cloud security data center, Baidu Antivirus utilizes cloud computing technology and its massive file database to quickly and accurately eradicate the latest trojans, unknown trojans, and other malicious programs. This solves the problems faced by traditional antivirus software such as the lag behind the latest trojans and viruses and the huge consumption of computer resources."


2) The Zemana AntiLogger metadata feature comes from a program that is especially good at detecting keylogger functionality and data-exfiltrating malware.
- Read the original VirusTotal blog post:

Zemana is a security solutions provider that produces, among other software, a popular antilogger, in their own words:
In a nutshell, the AntiLogger is a lightweight app that keeps track of who is doing what on your computer. Instead of identifying malware based on its signature fingerprint, like all malware products with scan functionality, the AntiLogger catches malware at the moment it attacks your computer. It will then prompt you if an illegal program is trying to record your keystrokes, capture your screen, gain access to your clipboard, microphone and webcam, or inject itself into your computer's sensitive areas. The AntiLogger features our unique SSL Intrusion Protection technology that guards you against advanced forms of Financial Malware. The AntiLogger is one of the very few products on the market today able to detect these dangerous and complex threats. Zemana AntiLogger is not designed to replace your installed antivirus software -- it's made to detect serious threats that are outside of their scope. It adds an extra layer of essential protection to whatever anti-malware or anti-virus software you're currently using.
As part of the work that Zemana carries out with respect to these forms of malware, they come across many malicious files and are able to characterize their behaviour according to the information theft activities they carry out. Zemana has been kind enough to share some of its behavioural notions with VirusTotal and now for many of the files in our dataset you will see Zemana behavioural tags such as:


■ keylogger
■ screen-capture
■ webcam-capture
■ microphone-access
■ clipboard-monitor
■ dll-injection
■ driver-installation
■ startup-registration
■ bho-installation
■ ssl-hook-installation


Please refer to the additional information tab of the following report in order to see how this data is rendered publicly:

This information is particularly interesting as it characterizes behaviour on end-user physical machines, i.e. real-world scenarios, so it can overcome common problems with behavioural sandboxes such as virtual machine detection. But the metadata shared is not limited to this, as they are also providing interesting data such as the in-the-wild file names for certain malware, which can sometimes be a hint regarding the dissemination and propagation strategies used by attackers.

Additionally, since Zemana is not designed to replace installed antivirus software but rather as a complementary security layer, they are very often able to detect zero-day malware with low detection rates, samples that they are actively sharing with VirusTotal in order to improve detection rates world-wide and help make the Internet a safer place.

Thank you Zemana team! Keep up the good work!


3) The Bkav engine is a Vietnamese antivirus product. It is not a widely known name, but its detection rate is much higher than you'd expect ^^

- Read the original VirusTotal blog post: http://blog.virustotal.com/2013/09/virustotal-bkav.html

We welcome Bkav as a new engine working at VirusTotal. This scanner includes both signature-based and cloud technologies. This Vietnamese company, established in 1995, is also a smartphone manufacturer.


4) The CMC engine is Vietnam's leading mobile antivirus product.
- Read the original VirusTotal blog post: http://blog.virustotal.com/2013/09/virustotal-cmc.html

We welcome CMC as a new engine working at VirusTotal. In the words of the antivirus company:

"CMC featured in house developed engine called Odin with static, dynamic unpackers, an x86 virtual machine to provide advanced de-obfuscation and in-memory engine to detect malware called Sonar. There is also a reputation based system named CMCRadar to accelerate response time, early warnings and global white listing."
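As an added example (not VirusTotal's, Zemana's or the blog author's code), the Python triage helper below reads a VirusTotal v2-style file report and escalates on the Zemana information-theft tags listed above even when only a few engines detect the file, which is the low-detection zero-day case the Zemana post describes. The `additional_info["zemana"]["tags"]` key path and the exact engine key spellings are assumptions, and both reports are constructed.

```python
"""Triage a VirusTotal file report with the engines and Zemana tags this post covers.

Added example, not VirusTotal's or Zemana's code. Assumes the parsed JSON of the
public v2 ``file/report`` endpoint (``scans`` keyed by engine) and that the Zemana
tags sit under ``additional_info["zemana"]["tags"]``; key path and engine key
spellings are hypothetical.
"""
from typing import Dict

NEW_ENGINES = ("Baidu-International", "Bkav", "CMC")  # assumed keys, added engines
# Zemana tags from the list above that indicate information theft.
INFO_THEFT_TAGS = {"keylogger", "screen-capture", "webcam-capture",
                   "microphone-access", "clipboard-monitor", "ssl-hook-installation"}


def summarize_report(report: Dict) -> Dict:
    """Return positives, the new engines' verdicts, theft tags and an escalate flag."""
    scans = report.get("scans", {})
    positives = sum(1 for r in scans.values() if r.get("detected"))
    verdicts = {e: scans[e].get("result") for e in NEW_ENGINES if e in scans}
    zemana = report.get("additional_info", {}).get("zemana", {})
    theft = sorted(set(zemana.get("tags", [])) & INFO_THEFT_TAGS)
    ratio = positives / len(scans) if scans else 0.0
    # Behaviour observed on real end-user machines escalates even when few
    # signature engines fire, the low-detection zero-day case the post mentions.
    return {
        "positives": positives,
        "total": len(scans),
        "new_engine_verdicts": verdicts,
        "info_theft_tags": theft,
        "escalate": bool(theft) or ratio >= 0.25,
    }


# Constructed sample: only 2 of 12 engines fire, but Zemana saw keylogging.
SAMPLE_STEALER = {
    "scans": {
        **{f"Engine{i}": {"detected": False, "result": None} for i in range(9)},
        "Baidu-International": {"detected": False, "result": None},
        "Bkav": {"detected": True, "result": "Trojan.Constructed.Sample"},
        "CMC": {"detected": True, "result": "Trojan.Constructed.Sample"},
    },
    "additional_info": {"zemana": {"tags": [
        "keylogger", "startup-registration", "ssl-hook-installation"]}},
}
# Constructed clean sample: no detections and no behavioural tags.
SAMPLE_CLEAN = {"scans": {f"Engine{i}": {"detected": False, "result": None}
                          for i in range(12)}}
```

Against a live report the same function applies unchanged once the real key path for the Zemana data is confirmed in the report's additional information tab.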

