17/07/2012
12:21

Following the ever-growing number of infections caused by RootKits of the Yoshi family, C.R.A.M. decided to test detection rates across its numerous variants, with quite a few "surprises"...


Yoshi, aka ZeroAccess / Max++, is a RootKit that has been seen a lot recently. Most AV products are struggling to recognize its variants right now; find out which are the most effective...
While analyzing the viruses actually in circulation in June 2012 (Virus/Malware June 2012 statistics), Centro Ricerche Anti Malware (C.R.A.M.) recorded malicious agents of the Rootkit family, a type of virus that is very hard to remove, in two positions of the TOP10. These two agents are highly complex variants of the infamous RootKit Yoshi, also known as ZeroAccess or Max++.
These new and more complex malware agents of the Yoshi family developed notably in June 2012. New versions appear every day.

As of today, C.R.A.M. has identified more than 100 variants of the Yoshi.A malware, different from each other but all recorded in the same category (Yoshi.A, as mentioned).
C.R.A.M. attributes its wide spread to the virus's ability to execute itself using new, previously unknown methods, which has let it infect PCs all over the world, most of the time without being recognized. Consulting the TOP10, it is notable that merging all variants under a single identifier made it skyrocket up the TOP10 itself.

The table below shows the results of our AV test, run on 206 infections actually in circulation that were reported to C.R.A.M. starting from 23 May 2012. You can also click on each AV name to look at the AV reports yourself!
 
| Antivirus and/or Antispyware | Version | Updated to | Files identified/Total | Detection rate |
|---|---|---|---|---|
| Vir.IT eXplorer | 7.1.98 | 16/07/2012 | 206/206 | 100% |
| TrendMicro Maximum Security | Signatures 9.281.50 | 24/07/2012 | 199/206 | 97% |
| Panda Cloud Antivirus | Version 2.0 | 20/07/2012 | 196/206 | 95% |
| Bit Defender * | | 24/07/2012 | 193/206 | 94% |
| Avira Antivir Personal | 12.0.0.157 - Engine 8.2.10.118 | 23/07/2012 | 193/206 | 94% |
| McAfee Viruscan | Version 15.0 - Engine 5400.1158 | 20/07/2012 | 193/206 | 94% |
| Avast | 7.0.1456 - Signatures 120723-0 | 23/07/2012 | 191/206 | 93% |
| Kaspersky Antivirus 2012 | 12.0.0.374 - Signatures 9733782 | 25/07/2012 | 189/206 | 92% |
| Norton 2012 * | Version 19.7.1.5 | 20/07/2012 | 172/206 | 84% |
| AVG Free Antivirus * | 12.0.2197 - Signatures 5152 | 23/07/2012 | 171/206 | 83% |
| ESET Nod32 | Signatures 7315 | 20/07/2012 | 143/206 | 69% |
| Sophos Anti-Virus | 10.0.6 - Signatures 3.33.2/4.79g | 24/07/2012 | 22/206 | 11% |

* For some antiviruses the number of analyzed objects may be higher than 206, because they also count folders as objects (as Vir.IT eXplorer does), but folders are NOT counted in the reported results.

This test aims to give a realistic view of how effectively various AV products intercept some of the most common variants of the Yoshi Rootkit actually in circulation, by placing all products under the same test conditions.

Obviously, this test cannot be considered exhaustive, because it was run on just one category of RootKit and on "just" 206 infected files. It does, however, underline that even some of the most highly rated and internationally awarded antiviruses are really struggling to deal with this kind of malware, and that if it had been included in one of the international tests, some awards would not have been given so easily.

One last consideration, banal as it may be: you cannot be 100% safe and protected from past, present or future viruses and malware, even by using all AV software at the same time.

For this reason TG Soft has developed Vir.IT eXplorer Lite -Free Edition- to be interoperable with all other antiviruses and as light as possible, to raise the protection level of the PC. Try it for free, for private or professional use; just visit our DOWNLOAD page.

C.R.A.M. Centro Ricerche Anti Malware by TG Soft
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”
