Avast vs Ransomware



Avast Free Antivirus versus ransomware. This is going to be fun. And as we go along, I have a great challenge for you guys. So, first of all we have some new ransomware over here.

Grabbed these samples just now, so they should be less than 24 hours old. Now what I want you to do is guess what the full names of each of these files are. Guess away in the comments; all of these file names are indicators, and if you've been watching this channel for long enough you should be able to figure it out. And before we get started I'd like to make clear that this is not the full review of Avast Free Antivirus. I will link that in the card at the top right hand corner of the screen and also at the end of the video, if you want to watch that.

This is going to be more experimental, more adventurous and we're going to be probing the product to see how it responds in different scenarios and how its zero day components work. In order to ensure that we don't have any signature interference, I have turned off the file scanner. But Avast does have a lot of interesting components like CyberCapture, so this should still be very interesting. Now to start things off, I'm going to run WannaDie because this kind of broken, wannabe ransomware (that's what it is) it's just trying to impersonate WannaCry, and it's terrible at it.

So as you can see, it's a .NET thing and at the moment it doesn't even work, kinda sucks. Let's see if we can delete it. And this is the interesting part, so we can't delete it. That suggests that it has some kind of persistence. Maybe we can once we reboot it, but it wasn't picked up by Avast.

I can't really blame it though, because our pictures aren't encrypted either. Whatever it does, probably not malicious and it can't be picked up by behavioural components. So next we have a screen locker, and it seems to have successfully taken over the screen. Asking for bitcoins for a screen locker? Come on, you've got to be kidding me.

I'm not going to reboot because we don't really need it, it's okay. "Elmer's Glue Locker", this is kids trying to get some money these days. Grow up. Let's continue and see if some of the real ransomware triggers Avast.

So let's try Jaff, for example. This is one of the recent ransomware samples that kind of coincided with the WannaCry campaign. It's pretty deadly. And it seems to have been picked up by the IDP Generic.

I believe this is the new AVG component added in here? It says the threat was blocked before it could do damage but that's not really true since our files are already encrypted. Anyway, we get to see that IDP is active and it is working. Unfortunately in this case, it wasn't quick enough. Here's another ransomware that I just executed.

And again, it seems to have been picked up by some zero day component IDP.Generic, I believe this is the AVG identity protection that has now been integrated with Avast products. And this computer is becoming more and more unusable now. Okay great I cannot... Oh shit.

I cannot click OK on the alert because this thing is staying on top, and that means I really cannot do anything on this computer anymore, so I'll just reboot the system and then we'll continue. I think I have a good idea of how many files we've executed. All right, the computer rebooted, got rid of the screen locker crap. Let's just continue and run some of the other ransomware threats in here. Hmm, this one seems to be broken...

And again, the threat triggers an IDP alert from Avast. Seems the IDP component is working pretty well. Okay, now the behavioural shield is also picking it up. Again, it says IDP.SEMS.1PetyaA.

Okay, fix automatically. That should do the trick. And it is blocking more files associated with this malware. So that's good.

Let's run the last couple files so that we can finally conclude this test. This one deleted itself. And again, it is picked up, IDP.Generic. And this one cannot run on our PC for whatever reason.

So that's that. What's my takeaway here? Seems the behavioural shields of Avast are pretty active and functional. IDP seems to have been integrated very well and it's working seamlessly. This result is, however, in contrast to a product I tested recently, Sophos Intercept X. And that was also an entirely behavioural based product, but it was able to pick up the ransomware and prevent it from encrypting stuff even before it did any damage or encryption. But in this case it seems that most of the behavioural detections are coming up after the encryption.

Having said that, I'm still pleased to see that at least it is picking things up, it's not oblivious to the threats. So I hope you enjoyed this video. I'm curious to see your guessed file names in the comments. And, well, subscribe to TPSC for more fun videos like this. Thank you for watching, and as always stay informed, stay secure.
