How does virus or trojan work ?

[rsutoratosu]

I have a computer with symantec end point loaded but some how going to a site, the computer was infected

The attackers behind this threat have been known to utilize exploit packs in order to craft Web pages to exploit vulnerable computers and infect them with Trojan.Zbot.

http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99&tabid=2

Shouldn't the active scan pick this up ?

 

[Bubbaleone]

AFAIK, all flavors of Zbot use a 'social engineering' vector to infect your PC; meaning you had to have convinced yourself to click on a link or email attachement in order to get infected. That's the big problem with malware that uses this vector; you (albeit inadvertently) gave the malware permission to install itself, thus your AV doesn't detect anything wrong. Unless you have your AV specifically configured for PUP (potentially unwanted program), and PUM (potentially unwanted modification) detection, and heuristic analysis enabled, your AV won't stop a Zbot.

 

[Charlie98]

AFAIK, all flavors of Zbot use a 'social engineering' vector to infect your PC; meaning you had to have convinced yourself to click on a link or email attachement in order to get infected. That's the big problem with malware that uses this vector; you (albeit inadvertently) gave the malware permission to install itself, thus your AV doesn't detect anything wrong. Unless you have your AV specifically configured for PUP (potentially unwanted program), and PUM (potentially unwanted modification) detection, and heuristic analysis enabled, your AV won't stop a Zbot.

That's how it was explained to me, once. Essentially there isn't anything the AV can see until you click on a link... and the computer figures if you are clicking on it, it must be OK... and allows it to open.

 

[rsutoratosu]

so you can't watch a user all day long, what do you use ?

 

[lxskllr]

so you can't watch a user all day long, what do you use ?

Give the user as few rights, and as much education as possible. In the end, there's limits on what you can do, especially if the user needs a level of freedom to do their job.

 

[rsutoratosu]

i just read a few article, no admin acces no virus/malware = dont bet your life on it..

seems some of these virus trojan are getting a lot better some how..

 

[Bubbaleone]

i just read a few article, no admin acces no virus/malware = dont bet your life on it..

seems some of these virus trojan are getting a lot better some how..

What's the scenario you're talking about? I mean for example; kids on your home network browsing bad sites, you're a small business owner with a limited number of PCs on your network, working in IT for a bigger operation, but in any case you're looking for a better security solution than what you have now?


.

 

[gitano]

+1 to the "social engineering" part, the user its allways the weak link.

Advertisment networks have a high rate of malware too, its possible to even get infected whitout clicking when browsing, using some addblock software to block adds can have the benefit to avoid a good amount.

Flash and Java are big offenders also, so keep flash up-to date and unistall Java when not using it.

On the anti software part i find using Security Essentials + Malwarebytes its more then enough.