A malicious running process, a variant of the Remote Control System spyware, went completely identified by four antivirus programs, a fact that was reported by a security researcher. The Remote Control System was developed by the Hacking Team company as a versatile product that can work on various computer platforms and was specifically done for the surveillance needs of the government agencies.
Lack of Identification of Malicious Processes
The main developer of Detect Claudio Guarnieri has carried out a sample detection experiment. He used the free scanner to show journalists that they can find traces of spyware on their computer operating systems. This spyware is known to be applied by various government organizations.
Last Wednesday, the researcher tested several antivirus solutions, namely Avira (自由), カスペルスキー, ESET and G Data only to prove that they all failed to spot a trace of compromise on a system that has an active Remote Control System process.
No information was given about the security products configuration and it is believed that they came with default settings. しかしながら, the user would have expected the malware to be picked up by at least one layer of defense, as its process was running on the PC.
In addition to that was also shown the VirusTotal analysis dated 26th September, which revealed that at this time, none of the antivirus engines could spot the uploaded file’ malicious character.
New variants: Not Detected
VirusTotal uses limited functionality when it comes to the antivirus solutions. This means that not all detection features are used. A lot of products rely on the behavioral analysis in order to spot a malware that is new and has not been classified yet.
The Bitdefender senior malware analyst stated that the company’s antivirus product has caught the RCS sample through the method of behavioral detection.
A week ago, the developer Claudio Guarnieri posted the VirusTotal analysis on Tweeter, stating that there is a newer sample of RCS spyware, spotted as threat by only two engines. The tested RCS sample that was tested was disguised as a popular bookmark manager and had a valid digital signature.