Wednesday, September 04, 2013

, ,

VirusTotal += Zemana AntiLogger metadata

Zemana is a security solutions provider that produces, among other software, a popular antilogger, in their own words:
In a nutshell, the AntiLogger is a lightweight app that keeps track of who is doing what on your computer. Instead of identifying malware based on its signature fingerprint, like all malware products with scan functionality, the AntiLogger catches malware at the moment it attacks your computer. It will then prompt you if an illegal program is trying to record your keystrokes, capture your screen, gain access to your clipboard, microphone and webcam, or inject itself into your computer’s sensitive areas.The AntiLogger features our unique SSL Intrusion Protection technology that guards you against advanced forms of Financial Malware. The AntiLogger is one of the very few products on the market today able to detect these dangerous and complex threats. Zemana AntiLogger is not designed to replace your installed antivirus software -- it's made to detect serious threats that are outside of their scope. It adds an extra layer of essential protection to whatever anti-malware or anti-virus software you're currently using.
As part of the work that Zemana carries out with respect to these forms of malware, they come across many malicious files and are able to characterize their behaviour according to the information theft activities they carry out. Zemana has been kind enough to share some of its behavioural notions with VirusTotal and now for many of the files in our dataset you will see Zemana behavioural tags such as:

  • keylogger
  • screen-capture
  • webcam-capture
  • microphone-access
  • clipboard-monitor
  • dll-injection
  • driver-installation
  • startup-registration
  • bho-installation
  • ssl-hook-installation

Please refer to the additional information tab of the following report in order to see how this data is rendered publicly:

This information is particularly interesting as it characterizes behaviour in end-user physical machines, i.e. real-world scenarios, so it can overcome common problems with behavioural sandboxes such as virtual machine detection. But the metadata shared does not limit to this, as they are also providing interesting data such as the in the wild file names for certain malware, which can sometimes be a hint regarding the dissemination and propagation strategies used by attackers.

Additionally, since Zemana is not designed to replace installed antivirus software but rather as a complementary security layer, they are very often able to detect zero-day malware with low detection rates, samples that they are actively sharing with VirusTotal in order to improve detection rates world-wide and help make the Internet a safer place.

Thank you Zemana team! Keep up the good work!


Post a Comment