Cybercriminals are blacklisting too

Security vendors are doing their best to keep their product signatures up to date. The earlier they know about new threats, the earlier they are able to update the signatures for their security products. If they don't learn about, for example, a virus infection at an early stage, they lose not only time but effectiveness.

While researching the code behind a crimeware toolkit, the security vendor Finjan found the following code:

Code extract

Overall, the list contained a few thousand IP addresses belonging to security vendors in the industry. Obviously, the hacker blacklisted these IP addresses with the intention of minimizing the risk of being researched by the vendors and, in turn, being blacklisted by them. This approach prolongs the time the attack goes undetected by security products and so allows it to stay effective for longer. This shows the necessity of real-time code inspection to deal with threats like these.
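From the defender's side, this kind of IP filtering shows up as a URL that answers differently depending on where the request comes from. The sketch below is an added example, not code from Finjan or from the toolkit; the vantage-group labels, hosts and responses are constructed, and the normalization rule is an assumption.

```python
import hashlib
import re
from collections import defaultdict

# Constructed observations: (url, vantage_group, http_status, body).
# "vendor"  = fetched from address space publicly tied to a security vendor,
# "neutral" = fetched from unrelated egress. Hosts and bodies are made up.
OBSERVATIONS = [
    ("http://site-a.example/", "vendor", 200, "<p>Hello</p><!-- ts=1700000001 -->"),
    ("http://site-a.example/", "neutral", 200, "<p>Hello</p><!-- ts=1700000042 -->"),
    ("http://site-b.example/", "vendor", 404, "<p>Not found</p>"),
    ("http://site-b.example/", "vendor", 404, "<p>Not found</p>"),
    ("http://site-b.example/", "neutral", 200, "<script src='/loader.js'></script>"),
    ("http://site-b.example/", "neutral", 200, "<script src='/loader.js'></script>"),
    ("http://site-c.example/", "vendor", 200, "<p>banner-3</p>"),
    ("http://site-c.example/", "neutral", 200, "<p>banner-1</p>"),
    ("http://site-c.example/", "neutral", 200, "<p>banner-2</p>"),
    ("http://site-d.example/", "neutral", 200, "<p>Only one vantage group</p>"),
]

# Long digit runs and long hex strings are usually timestamps or nonces.
VOLATILE = re.compile(r"\b(?:\d{10,}|[0-9a-f]{32,})\b", re.IGNORECASE)


def fingerprint(status, body):
    """Status plus a hash of the body with whitespace and volatile tokens removed."""
    normalized = VOLATILE.sub("", " ".join(body.split()))
    return status, hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def find_cloaking(observations):
    """URLs whose response is stable inside each group but differs between groups."""
    seen = defaultdict(lambda: defaultdict(set))
    for url, group, status, body in observations:
        seen[url][group].add(fingerprint(status, body))
    flagged = []
    for url, groups in seen.items():
        if len(groups) < 2:
            continue  # nothing to compare against
        if any(len(fps) != 1 for fps in groups.values()):
            continue  # content changes per request: not evidence of IP filtering
        if len({next(iter(fps)) for fps in groups.values()}) > 1:
            flagged.append(url)
    return sorted(flagged)


if __name__ == "__main__":
    print(find_cloaking(OBSERVATIONS))
```

A flagged URL is a lead for manual inspection rather than a verdict, since geo-targeting and A/B testing produce the same pattern.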

“Must be Monday” – LINKS 001

You’re sitting at your office? You hate Mondays?
Have a fresh start with:

LINKS 001

From the Monday Trauma Unit:
One Monday long ago…

Just for laughter:
‘Not funny’-Comics:
“You want to know if Piranhas are biting? Check the Encyclopedia”
“But I can’t reach it.”

Strange Security:
Some kind of Business Continuity