I am sure that most of you are running antivirus software, since I have shared a lot of promotions and given out free licenses from time to time. Antivirus is important software for keeping your computer from being infected by viruses, BUT it shouldn’t be something that you rely on 100%. Current antivirus software is not like the antivirus of 10 years ago, when if an antivirus detected something as a virus, it WAS a virus.
As for now, when an antivirus detects a piece of software which I downloaded from a trustworthy source as harmful or malicious, I’d rather trust the source than the antivirus. Of course, I would only take it as a warning and then analyze it in ThreatExpert. A lot of antivirus products today implement a heuristic scanning method, which is the main cause of false detections. Heuristic scanning is a method for an antivirus to analyze the instructions of a program to determine whether or not it is a virus. It is mainly used to check for new, not yet detectable viruses or trojans.
When a piece of software gets detected by an antivirus, there are two ways to fix it. Either contact the antivirus company about the false detection and wait for weeks to get it fixed, or use a private version of a crypter for an immediate solution.
Crypters are tools that make another piece of software undetectable by antivirus. Since crypters have the ability to make a virus or trojan undetected by antivirus, most of the downloadable public versions of crypters that can be found in search engines are already detected by antivirus as a threat. Another important rule is not to simply download any crypter that you find, because some of them are embedded with malicious code that opens up a backdoor and allows the hacker to get into your computer.
Since I have a private version of a crypter called iCrypt, let me show you how it works. I will use Nirsoft’s MessenPass as a test. MessenPass is a password recovery tool that reveals the passwords of instant messenger applications. I uploaded MessenPass to NoVirusThanks and 9 out of 24 antivirus engines found it to be infected. MessenPass is actually a clean tool, but because it can dig out passwords from a computer, some paranoid antivirus companies think that it is a hack tool.

Now I launch iCrypt and select mspass.exe to crypt.

Here are some options to choose from. According to the instruction file, if the EOF box is enabled, then I should check the box. As for NTcompression, it is only used when you need to bind or attach extra files to mspass.exe. Anti Methods is for enabling Anti sandbox, meaning that when a user tries to run the crypted file in a sandbox program such as Sandboxie, it won’t run.

On the next page I get to bind up to 6 files. Binding means combining a few files into one, so when you run the single file, it actually launches all 6 files.

Finally, I get to make it undetectable by using a custom private stub. As for file clone, it is a must-use option as well. Simply select a legitimate program that is not flagged as a virus (I select 7-Zip). I then click the Build button and I get a new file.

Now I scan the new crypted file in NoVirusThanks and NONE of the 24 antivirus engines detect it as infected.

When you buy a private version of iCrypt, you get a unique custom stub which can make a program undetectable by antivirus. A unique stub doesn’t get shared, so it will remain undetected for a very long time, but not forever. Over time, some really good antivirus will find out how the crypter works and it gets detected. That’s when the support comes in and provides a new update with new methods to beat the detection. Here are the detection results I have seen so far:
First iCrypt unique stub I got 3 months ago: 5 out of 24
Second iCrypt unique stub I got 1 month ago: 2 out of 24
Third iCrypt unique stub I got this month: 0 out of 24
Private version of Trojan I got more than a year ago: 6 out of 24
First BCD unique stub but shared among members I got 5 months ago: 13 out of 24
Second BCD unique stub I got 2 months ago: 4 out of 24
Can you now see that an antivirus can’t keep your computer 100% safe? The truth is there are a lot of undetectable viruses and trojans lying around the Internet, and you won’t even know that a file is one. Having a firewall and always analyzing an unknown file in a sandbox helps to keep your computer safe.