At first glance the WannaCry and NonPetya outbreaks are no different from the CryptoLocker outbreak of 2015 or the CryptoWall outbreak of 2014. Some of us may even remember the first file-encrypting malware, called PC Cyborg Trojan (aka AIDS Trojan) discovered in 1989. So security insiders may ask themselves in despair: How many fools does it take, to make the same mistake over and over again?
Security News
On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results. Posts in this category might be written by externals and students. If you find some interesting news, please let us know!
Malware in the media – June’s “fire in the hole”
Fire in the hole is a warning that an explosion is about to occur. In old days coal miners used to yell this three times before igniting dynamite. In those days dynamite was used to break rock and dig tunnels to excavate coal. The military adopted this expression to warn of an impending explosion.
Spotlight on security: Pi-hole a blackhole for Internet advertisements
Starting from June, AV-Comparatives will highlight an interesting event, idea, initiative, announcement or product which will make the digital world a safer place to surf and live in. We will kick off with an interesting piece of software originally developed for the Raspberry Pi, called Pi-hole.
Malware in the media – May’s lesson
Month after month, our Real-World Protection Tests show an increase in ransomware prevalence. For people following the security industry, this is no surprise, since many security vendors (e.g. Adaware and Avast) have been predicting this.
Proactive protection against the WannaCry ransomware (not the exploit)
The WannaCry ransomware has been a major news story over the last few days. It has infected hundreds of thousands of computers worldwide (mostly in Russia), including some well-known companies and institutions. All the programs in our public Main Test Series now detect the WannaCry malware samples by means of signatures, but we decided to find out which of these programs would have blocked the malware sample (not the exploit) proactively, i.e. before the the outbreak started and the malware samples became known.
Introducing AV-Comparatives’ Malware Protection Test
The Malware Protection Test is an enhancement of the File Detection Test which we performed in previous years. It assesses a security program’s ability to protect a system against infection by malicious files; what is unique about this test is that in addition to checking detection in scans, it additionally assesses each program’s last line of defence. Any samples that have not been detected e.g. on-access are executed on the test system, with Internet/cloud access available, to allow features such as behavioural protection to come into play.
Sample quality for the Malware Protection Test
The test set for Malware Protection Test consisted of about 38,000 samples. As we only use samples that have been analysed by our own in-house automated sandboxes, the quality of our sets is very high. Unlike some other testers, we only use malware in our tests, and do not include PUAs or other controversial software. What is malicious and what is “potentially unwanted” is sometimes debatable. We welcome feedback from vendors; however, the decision as to whether something can or cannot be classified as malware is ultimately up to us, even if our decisions may sometimes be regarded as imperfect.
Certificate authorities issue SSL certificates to fraudsters
https://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
Safe Harbor agreement ruled invalid by top EU court
https://nakedsecurity.sophos.com/2015/10/06/safe-harbor-agreement-ruled-invalid-by-top-eu-court/