About Us

The Immunet Blog is maintained by the Immunet team as a forum for discussing news and issues related to AntiVirus, security and cloud technology.


Entries from March 1, 2010 - March 31, 2010


Help us define Immunet Protect 2.0, what other AV should we support?


We are in the process of defining our 'Officially Supported' list for which other security products we will support in 'side by side' installation mode for Immunet Protect 2.0. This is an important decision for us and we'd like your input. Please drop by our community forum and have your say.

Click here to take part!


Do Consumers think about AntiVirus?

Why is it that 50% of all Internet users either don’t have AntiVirus protection or have protection that’s expired or out of date? Between 30,000 and 40,000 new viruses are created each DAY, and yet a large percentage of the consumer population remains vulnerable to these threats. So what’s going on here? Perhaps people are too trusting that website security professionals such as Twitter’s Trust and Safety team, or those involved in the Facebook Security Wall, will just take care of malware for them.

Consumer Reports has a good phishing test for consumers (and Donna even wrote a post about the dangers to social media, a topic near and dear to all of us at Immunet). eHow has a few good steps to follow. MSNBC offers some good advice from the AP. CNET even tried to help people avoid malware from the trusted site the Drudge Report.

We think more people don’t have AntiVirus due to a combination of price, effectiveness (or lack thereof), resource and system drain, and the software conflicts that afflict traditional AntiVirus software. To be fair, without the collective benefit of a cloud-based community that can help to detect, update and defend each other against thousands of new threats daily, it takes copious resources in terms of human and technology costs (which are passed along to the consumer) for a traditional AntiVirus provider to do all the work themselves.

With Immunet Protect’s Collective Immunity, we’ve solved this problem and torn down the barriers standing in the way of increasing consumer AntiVirus penetration from 50% to closer to 100%. The closer we are as an industry to 100% antivirus penetration, the safer the Internet becomes for everyone online.


What to do When Advice Falls Short?

We put a focus on educating people on how to avoid getting a virus, from the basics to black SEO to social media aggregators to Facebook-specific worms to how-tos.

It seems attackers have the means to overcome today’s ‘AntiVirus common sense’ we’ve all grown to embrace, namely, only click on links from trusted sources. Now even these sources can no longer be trusted.

Case in point is the new spear phishing threat targeted at social networking. Core Security Labs demonstrated this at the RSA Conference last week and lots of people have followed up on the problem. What to do?

While common sense is still very important, getting a real-time AntiVirus that recognizes a threat instantly is just as vital. Viruses take time to spread, and the longer one goes undetected, the more dangerous it gets. Immunet Protect’s Collective Immunity solves this problem by detecting a virus from the community and instantly protecting all users against that virus.


How Immunet Detects Threats, In a Nutshell

I often get asked what makes Immunet’s approach to detecting threats different from that of the mainstream Anti-Virus companies. In a nutshell, our goal is to find threats which are in small parts of our community, analyze them and then protect the whole community from them as fast as possible, often in near real time.

We do not focus on obscure threats, or threats which circulate outside of our community. We are not big fans of the 'boil the ocean' approach to doing Anti-Virus. It works well for reviewers (who test with everything under the sun) but it rarely really helps your community. There is a reason people are still getting viruses, and it's time we rethink our (the industry's) approach to tackling this problem.

As to 'how' we convict files: all of our current approaches entail communication back and forth with the cloud, so that a decision is rarely made in 'decision support isolation'. This allows you to work with the most current, up-to-the-minute information that we have. Here are some of the approaches we use:

  1. Generic detection of threats through broad hashing. We look for things that look 'like' threats we know of and try to further analyze them for conviction so we can protect the community. This can also be called a 'heuristic' engine if you like. Our generic engine is ETHOS; we have another planned for May, which is called SPERO.
  2. Context conviction: this is where we make decisions based on the data we receive about a file in the field. From community-collected data we can make assumptions about whether a file is a virus or not. For example, did our AV stop working after it was installed? Did the system start to see other viruses after it was installed? Questions like this will often lead to answers which make us highly suspicious of a file.
  3. One-to-One conviction: this is where there is a known threat we've collected from the community, through collection trading, or gathered from web crawling. For each of these collected (and verified malicious) files we generate a signature. When users do file look-ups this signature is sent to us; if it matches a known threat, we convict the file as a virus.

There are a few other ways as well, and each of the approaches above could be a daylong chat on its own, but that's the mile-high view today (March 7, 2010).
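To make the two cloud-side approaches above concrete, here is an added illustration (not Immunet's code; ETHOS/SPERO generic hashing is not modeled): a file lookup is first checked against an exact signature set (one-to-one conviction), and otherwise the file is scored from constructed community telemetry by how often an install of it on a host was followed by the AV stopping or other malware appearing (context conviction). The thresholds, event names and telemetry are all assumptions made for the example.

```python
from collections import defaultdict
from hashlib import sha256

# Constructed sample hashes standing in for real file signatures.
H_BAD = sha256(b"constructed-known-bad-binary").hexdigest()
H_SUSP = sha256(b"constructed-unknown-installer").hexdigest()
H_OK = sha256(b"constructed-benign-tool").hexdigest()

# One-to-one conviction: the cloud's exact-match signature set (constructed).
KNOWN_BAD = {H_BAD}

# Constructed community telemetry in time order per host: (host, event, file_hash).
# "install" records a new file; the other events are the follow-on signals the
# post describes as raising suspicion of whatever was installed just before.
TELEMETRY = [
    ("host1", "install", H_SUSP), ("host1", "av_stopped", None),
    ("host2", "install", H_SUSP), ("host2", "other_malware", None),
    ("host3", "install", H_SUSP), ("host3", "install", H_OK),
    ("host4", "install", H_OK), ("host4", "install", H_OK),
    ("host5", "install", H_OK), ("host5", "other_malware", None),
]
SUSPICIOUS_EVENTS = {"av_stopped", "other_malware"}

def context_stats(file_hash, telemetry, window=1):
    """Return (installs, followed): how many hosts installed file_hash and how
    many of those installs were followed, within `window` later events on the
    same host, by a suspicious event."""
    by_host = defaultdict(list)
    for host, event, h in telemetry:
        by_host[host].append((event, h))
    installs = followed = 0
    for events in by_host.values():
        for i, (event, h) in enumerate(events):
            if event == "install" and h == file_hash:
                installs += 1
                later = events[i + 1:i + 1 + window]
                if any(e in SUSPICIOUS_EVENTS for e, _ in later):
                    followed += 1
    return installs, followed

def convict(file_hash, telemetry, min_installs=3, ratio=0.5):
    """Cloud-side decision: exact signature first, then context conviction.
    min_installs guards against convicting on a single noisy host."""
    if file_hash in KNOWN_BAD:
        return ("malicious", "one-to-one")
    installs, followed = context_stats(file_hash, telemetry)
    if installs >= min_installs and followed / installs >= ratio:
        return ("suspicious", "context")
    return ("unknown", None)
```

Note that the benign tool is also followed by malware on one host, but with one bad outcome in four installs it stays below the ratio; the minimum-install floor is what keeps a single unlucky host from convicting a file on its own.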



Mariposa Botnet Suspects Nabbed by Spain - 13 million+ Zombie PCs Infected by Virus

Today's security headlines read "Spain busts global "botnet" masterminds", which reveals that over 13 million computers from "homes, universities, companies and government agencies in almost every country in the world" were infected by a virus that turned computers into zombies. A botnet is a group or network of bot-infected PCs that are all controlled by the same "command and control center", controllable via a remote computer that can silently access personal data such as credit card data, online banking passwords and other personal information.

Known as the "Mariposa Network" after the Spanish word for butterfly, the world's biggest computer virus network was apparently "rented out" to cybercriminals by the three Spanish nationals who created the zombie network. The network was shut down just a few months ago (December 2009) after the FBI was alerted to the virus-infected network by Canadian information security firm Defence Intelligence (go Canada!).

Investigators claim that more than half of the Fortune 1,000 largest US companies and more than 40 major banks were affected by the virus. "It would be easier for me to provide a list of the Fortune 1000 companies that weren't compromised, rather than the long list of those who were," said Defence Intelligence CEO Christopher Davis.

Which begs the question: WHY wasn't this virus, as dangerous and widespread as it was, detected sooner on the over 13 MILLION computers that became infected and hijacked by the Mariposa Network? A Defence Intelligence blog post reveals that "only 6 of the 41 antivirus groups was able to detect the malware. Given time however, most antivirus companies are able to identify the same binary." But how late is too late once your financial data is compromised?

A preliminary analysis by the Mariposa Working Group, the collaborative effort between international security experts and law enforcement agencies to eradicate the botnet, reveals the following:

• Once infected by the Mariposa bot client, the botmaster installed different malware (advanced keyloggers, banking trojans like Zeus, remote access trojans, etc.) in order to gain additional functionality into the zombie PCs.

• The botmaster made money by selling parts of the botnet, installing pay-per-install toolbars, selling stolen credentials for online services and using the stolen banking credentials and credit cards to make transactions to overseas mules.

• The Mariposa botnet spread extremely effectively via P2P networks, USB drives, and MSN links.

We're happy to see that the Mariposa botnet perpetrators have been apprehended for their criminal actions, which is not often the case, since authorities rarely catch the cybercriminals behind these botnets, "the bulk of which are controlled by syndicates based in eastern Europe, southeast Asia, China and Latin America" according to the article.

"Mariposa's the biggest ever to be shut down, but this is only the tip of the iceberg. These things come up constantly," said Mark Rasch, former head of the U.S. Department of Justice computer crimes unit. Reassuring, isn't it? With the growing rise of social networks and the millions of users who still remain unprotected against viruses (~50% of global PC users by some industry estimates), the Mariposa botnet incident serves as another big wake-up call that every PC user must have effective AntiVirus protection.

The financial stakes are too high for millions of PC users, corporations, and governments to ignore the need for us to work collectively to increase global AntiVirus penetration of security solutions that truly protect the collective Internet community.

Please do your part to make the Web a safer place by protecting yourself and your friends with Immunet Protect; if you do run a companion AntiVirus product that requires frequent updates, you'll want to make sure that it is in fact on and up to date.


Take the Immunet Protect Product Survey - Win an Immunet Shirt!

Please help us improve Immunet Protect with your feedback.

Just answer 8 simple questions online: Take the Immunet Survey here

1. How did you discover Immunet Protect?

2. How would you feel if you could no longer use Immunet Protect?

3. What would you likely use as an alternative if Immunet Protect were no longer available?

4. What is the primary benefit that you have received from Immunet Protect?

5. Have you recommended Immunet Protect to anyone?

6. What type of person do you think would benefit most from Immunet Protect?

7. How can we improve Immunet Protect to better meet your needs?

8. Would it be okay if we followed up by email to request a clarification to one or more of your responses?

Please go to the online survey here: Immunet Protect Product Survey

Responses received before April 1st get a chance to win a free Immunet Shirt!