Hanno's blog

Entries tagged as mcaffee

Related tags

Monday, October 10. 2011

Anti-virus applications and the Bundestrojaner

BundestrojanerTwo days ago, the german Chaos Computer Club (CCC) published a sample that's supposedly a variant of a german state spy software (the so-called "Bundestrojaner").

You might wonder if your anti virus software is protecting you. The webpage Virus Total lets you upload suspicious files, scans them with 43 different anti virus applications and presents you the result. Currently, 24 of 43 scanners detect the Bundestrojaner.

The CCC provides some further information where they state that the file they released is not the original one - they had several samples that differed and to avoid detection of the potential source, they changed the differing parts to something completely else. You might wonder if your anti virus app also detects the "original" Bundestrojaner and not just the modified file the CCC released.

We can easily check this if we change the modified pieces again to something else. A modified variant lowered the detection rate to 14 of 43 - amongst them the popular McAffee software. Now, it's pretty useless to only detect the exact published sample of a malware if we know that the original malware is different.

ApplicationVersionSig dateModified sampleOriginal CCC sample
AhnLab-V32011.10.08.012011-Okt-09Trojan/Win32.R2d2Trojan/Win32.R2d2
AntiVir7.11.15.1752011-Okt-09TR/GruenFink.1TR/GruenFink.1
Antiy-AVL2.0.3.72011-Okt-09--
Avast6.0.1289.02011-Okt-09Win32:Trojan-genWin32:Trojan-gen
AVG10.0.0.11902011-Okt-07--
BitDefender7.22011-Okt-10Backdoor.R2D2.ABackdoor.R2D2.A
ByteHero1.0.0.12011-Sep-23--
CAT-QuickHeal11.002011-Okt-07--
ClamAV0.97.0.02011-Okt-10Trojan.BTroj-1Trojan.BTroj-1
Commtouch5.3.2.62011-Okt-10-W32/R2D2.A
Comodo104072011-Okt-10-Backdoor.Win32.R2D2.A
DrWeb5.0.2.033002011-Okt-10--
Emsisoft5.1.0.112011-Okt-10Trojan.Win32.Bundestrojaner!A2Backdoor.Win32.R2D2!IK
eSafe7.0.17.02011-Okt-06--
eTrust-Vet36.1.86052011-Okt-07--
F-Prot4.6.2.1172011-Okt-09-W32/R2D2.A
F-Secure9.0.16440.02011-Okt-10Backdoor:W32/R2D2.ABackdoor:W32/R2D2.A
Fortinet4.3.370.02011-Okt-10-W32/R2D2.A!tr.bdr
GData222011-Okt-10Backdoor.R2D2.ABackdoor.R2D2.A
IkarusT3.1.1.107.02011-Okt-10-Backdoor.Win32.R2D2
Jiangmin13.0.9002011-Okt-09--
K7AntiVirus911552582011-Okt-08--
Kaspersky9.0.0.8372011-Okt-09Backdoor.Win32.R2D2.aBackdoor.Win32.R2D2.a
McAfee5.400.0.11582011-Okt-10-Artemis!930712416770
McAfee-GW-Edition2010.1D2011-Okt-09-Artemis!930712416770
Microsoft177022011-Okt-10Backdoor:Win32/R2d2.ABackdoor:Win32/R2d2.A
NOD3265292011-Okt-10Win32/R2D2.AWin32/R2D2.A
Norman6.7.20112011-Okt-09--
nProtect2011-10-10.012011-Okt-10--
Panda10.0.3.52011-Okt-09-Suspiciousfile
PCTools8.0.0.52011-Okt-10Backdoor.R2D2Backdoor.R2D2
Prevx3.02011-Okt-10--
Rising23.78.06.022011-Okt-09--
Sophos4.70.02011-Okt-10Troj/BckR2D2-ATroj/BckR2D2-A
SUPERAntiSpyware4.40.0.10062011-Okt-08--
Symantec20111.2.0.822011-Okt-10Backdoor.R2D2Backdoor.R2D2
TheHacker6.7.0.1.3182011-Okt-09--
TrendMicro9.500.0.10082011-Okt-09--
TrendMicro-HouseCall9.500.0.10082011-Okt-10-BKDR_R2D2.A
VBA323.12.16.42011-Okt-07--
VIPRE107182011-Okt-10-Trojan.Win32.Generic!BT
ViRobot2011.10.10.47102011-Okt-10--
VirusBuster14.1.3.02011-Okt-09--

Scans done Monday morning around 8:00.
Posted by Hanno Böck in Computer culture, English, Politics, Security at 20:05 | Comments (0) | Trackbacks (0)
Defined tags for this entry: , , , ,
(Page 1 of 1, totaling 1 entries)

About me

You can find my web page with links to my work as a journalist at https://hboeck.de/.

You may also find my newsletter about climate change and decarbonization technologies interesting.

Hanno Böck
mail: hanno@hboeck.de

Hanno on Mastodon

Impressum

schokokeks.org

Creative Commons

CC0
Unless noted otherwise, all content is CC Zero / public domain

Show tagged entries

Frontpage
Datenschutz / Privacy