News

15 November

New Antivirus Scanner Release to Detect Malware that Starts Before the Operating System Does

Cezurity, a Russian malware protection and anti-hacking software company, announced a new release of Antivirus Scanner. Version 3.0 of the product takes advantage of Deep Insight, an innovative method of bootkit detection and removal. Bootkits are malicious programs that gain root access to computer systems, making their detection and removal a daunting task for most antivirus solutions. In addition, the new Scanner release enables protection against malicious extensions to Yandex.Browser and Mail.ru Browser.

Detection and removal of bootkits is one of the toughest challenges for the antivirus industry today. Bootkits are malicious programs that infect the boot sector of a hard drive. Boot sectors store the data necessary to start the operating system. Infecting the boot sector enables malware to start ahead of the operating system and antivirus software, and by doing so gain control over the computer. Bootkits often come bundled with rootkit components that help hide malicious activities from antivirus software. For example, when the operating system or antivirus software attempts to access an infected item, the malware can deceive it by substituting the original uninfected item.

Introduced by Cezurity, the Deep Insight method involves collecting data about boot sectors and other critical computer components that may have been modified as a result of infection. Data is collected at a very low, near-hardware level, without using the operating system. The collected data is summarized and transferred to the Cezurity Cloud, where it is subjected to comprehensive analysis. Part of the analysis involves comparing data received from different computers. This makes it possible to detect anomalies that are instrumental in deciding whether a system has been compromised.

“Two distinct trends are underway when it comes to computer security,” said Yulia Mikheyeva, Lead Antivirus Expert at Cezurity. “First of all, every year brings a dramatic increase in the diversity of relatively simple malware, which is a consequence of technology being available to a wide range of newbie virus developers. On the other hand, although new sophisticated viruses are not as quick to emerge, the people developing them are pushing the limits of creativity. Antivirus software that relies on local computer scanning, whether signature-based or behavioral, can’t adequately address threats anymore. This is true both for simple threats that show exponential growth and complex threats that are getting more and more refined. In the past, employing cloud technologies was seen as not much more than a useful development, but today there’s no way antivirus systems can provide efficient protection without cloud computing.”

The new version of Antivirus Scanner also adds detection of malicious extensions for two Russian browsers, Yandex.Browser and Mail.ru Browser. Although both of these browsers are based on the Google Chromium platform, each of them requires dedicated protection tools. This new feature enables Antivirus Scanner to detect malicious extensions for all browsers that are popular in Russia and the CIS, namely Chrome, Internet Explorer, Firefox, Yandex.Browser, and Mail.ru Browser.

“We updated Antivirus Scanner to detect malicious extensions to Chrome and Firefox in July this year,” said Yulia Mikheyeva. “We have since learned that out of all virus incidents in systems protected by other antivirus programs, about a quarter are related to browser extensions. Users install browser extensions themselves, unaware of the malicious functionality hidden inside them.”

Existing Antivirus Scanner users do not need to take any additional action in order to use the new version: the update and the migration of settings are fully automatic.