Helping yourself and the anti-spyware community with Ad-Watch

by santonov on July 9th, 2006 in Researcher Comments.

The number of malicious files released daily is a real problem for Anti-Spyware companies. The faster files are obtained and analysed, the sooner they go into detection and thus provide protection to the user. However, sometimes this method is really not enough... Only this afternoon, while enjoying 'breakfast', I was looking at a site well known for distributing tons of malicious content and I could see that it was continuously changing and updating its malicious files, so that signatures created to remove it would be outdated within 30 mins.

However, luckily for my test machine, Ad-Watch kicked in and stopped the new ones dead in their tracks. The reason for this is the way in which Ad-Aware (with Ad-Watch) can block new versions of existing bad files. Certain types of malware, such as trojan downloaders, share characteristics which make it easier to recognise them before they are installed and before they drop their 'nasties' on the system. Some of the trojan downloaders out there are truly evil! Dollarrevenue is one we see all the time - this one is easily force-installed simply by visiting a bad site with Internet Explorer, and it will happily destroy a Windows machine in a matter of minutes.

Again, Ad-Watch to the rescue... By using Ad-Watch, you are not only protecting yourself from these kinds of threats, but you can also make a contribution by capturing these blocked files and submitting them to the Anti-Spyware community.

Well... I better get back to this so-called 'breakfast'...