A Rogue Story: Refining Our Detection to Keep You Safer

by Erin on November 24th, 2009 in Industry and Security News, News about Lavasoft.

We have an Ad-Aware update that we’d like to call your attention to today. About one year ago, we added a rogue security program called Winiguard into Ad-Aware’s Detection Database, in order to keep you safe from yet another program that peddles itself as legitimate security software in an attempt to exploit computer users. But this story doesn’t end there.

A favorite tactic of malware authors is to update their creations, making clones and variations of original programs to try to get past your defenses – and that’s just what the bad guys have done with this rogue. In fact, our analysts have been adding a steady stream of new variations of this one into detection over the past year, including as recently as the beginning of this month. You may also know Winiguard by the names of its clones: Blockprotector, Softstronghold, Shieldsafeness, Trustfighter, and Blockdefense.

One of the latest clones in the Winiguard family: Blockprotector

Our Malware Labs analysts recently found that these particular malware authors had begun to use another underhanded technique, this time using anti-detection tricks (we’re going to refrain from going into specifics – we don’t need to give the malware makers any further ideas!) in an attempt to evade Ad-Aware’s detection. But, thanks to the work of our team here at Lavasoft, we were able to uncover what was happening and implement a fix in our last Ad-Aware release to refine our detection method.

What does all this mean for you? The bottom line: Ad-Aware detects Winiguard, and our malware analysts are continuing to work to add any new clones of this family into detection in order to keep you protected against them.

It’s all in a day’s work here behind the scenes at Lavasoft!