Hackers Breached 3 US Antivirus Companies, Researchers Reveal

In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. From a report: The collective, calling itself "Fxmsp," is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified "the potential victim entities" of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data "through a private conversation," Boguslavskiy said. "However, they claimed that their proxy sellers will announce the sale on forums."

Anti-Virus?

[DatbeDank]

I haven't used anti-virus software in years since I dumped IE for whatever the browser du jour is alongside uBlock Origin and Nano Defender.
The last items being the two parts of the holy browsing trinity if you use a browser like Brave.

Haven't had a need for antivirus since and with this news, I'm glad I don't use it!

Re:

[Anonymous Coward]

I haven't used anti-virus software in years...

The internet thanks you and it loves your computer too!

Re:

[johnsie]

No, but it is a step you can take to protecting you against viruses that have been discovered by the AV devs. Good idea to have one in place. We run one in work that reports everything to a server and it catches things every once in a while. You'd be very foolish not to run a decent AV in a corporate environment, and in many industries it's actually a legal requirement. These things get audited in the financial world.

Re:

[MooseTick]

Just because AV doesn't stop nation state attacks using 0-day exploits doesn't make them CRAP. If anything, they can let you know you have been compromised and act accordingly when that 0-day is 90 days old.

Re:

[MooseTick]

That's like saying the flu shots are worthless because there is always a new variant. AV software isn't perfect, but it is often better than nothing. This is especially true for non-tech folks who click on anything.

Re: AV by definition cannot protect you.

[locketine]

Most AV use cloud based machine learning algorithms to detect tweaked variants of virii, as well as totally unknown ones that act suspiciously like a virus.

The virus dev would likely not check their virus with the cloud based feature on because the longer it has time to analyze their new virus the more likely it is detect it. Plus the AV software would probably profile the dev's computer and target it for law enforcement.

Re:

[grep -v '.*' *]

I haven't used anti-virus software in years since I dumped IE for whatever the browser du jour is alongside uBlock Origin and Nano Defender. The last items being the two parts of the holy browsing trinity if you use a browser like Brave.

Hadn't heard of Nano Defender [google.com] before. Glad it works with Brave [brave.com], that I just recently switched to, and UBlock Origin [google.com]. So what's Defender do that NoScript [google.com], recently released for Chrome, doesn't?

Nano extra installation steps [github.io] for UBlock.

Re:

[Agret]

Nano Defender features anti-anti-adblock so it will attempt to bypass the checks on sites that detect adblocking.

Re:

[Trimaz]

Oh, you're one of those. I too browser /g/ and have also not used anti-virus software in years because I use Arch Linux.

Re:

[apparently]

I haven't used anti-virus software in years since I dumped IE for whatever the browser du jour is alongside uBlock Origin and Nano Defender. The last items being the two parts of the holy browsing trinity if you use a browser like Brave.

Third-party browsers aren't magic. It hasn't even been a week since Firefox had an oopsy, and disabled all Firefox-extensions [slashdot.org]

Haven't had a need for antivirus since and with this news, I'm glad I don't use it! The more likely reality is that you're running Windows 10, and don't realize that Windows Defender is built-in.

Re:

[johnsie]

Glad you are so proud of your bad security practices. It's like reading posts by anti-vaccination people or flat earthers. Please tell us, how do you know you haven't had a virus?

Re: Anti-Virus?

[locketine]

How do you know if you don't need antivirus software? AV software is responsible for detecting the virus as well, isn't it? I know some virii are obvious but most aren't. Most are passive enough that you won't have a clue that they're there until you notice charges on your credit card that you didn't make, or maybe an extra line of credit you didn't request, etc.

Is that all?

[theCat]

If all they did is lift the code -- rather than say code in a backdoor or cause it to not examine certain exploits -- then I am extremely disappointed in the current crop of haxorz.

Re:

[phantomfive]

Can you imagine trying to understand the source code for Symantec antivirus? It is almost certainly a giant hedge maze of a mess, with a broken build system and three million dependencies.

Security through obscurity.

Re:

[fahrbot-bot]

Can you imagine trying to understand the source code for Symantec antivirus?
It is almost certainly a giant hedge maze of a mess, ....

Symantec AV product was initially built on top of Adventure [wikipedia.org].

YOU ARE IN A MAZE OF TWISTY PASSAGES, ALL ALIKE.

Re:

[AmiMoJo]

Around 2007 Norton Antivirus, as it was called then, actually got good. Quick install, minimal performance impact, didn't nag you about "tracking cookies" and other bullshit. You could even uninstall it without bricking your computer.

It was a revelation after years of it being a complete bastard. But then the 2008 edition was a little more persistent with the notifications, and by 2010 it was back to being a pile of kak again. Apparently they tried making a good AV product, and realized that making a shit A

You know what might be relevant?

[kehren77]

The names of the 3 companies. That might be something that would be helpful as a concerned consumer.

Re:

[guruevi]

At that price, I'm imagining Symantec, McAfee and Sophos, the largest but at the same time worst antivirus companies.

Re:

[AHuxley]

3 of them :)

AV is about trust

[Anonymous Coward]

An AV company is someone you allow to root your system, in exchange for protecting it against threats. The AV agent has, realistically, better than root access. Any binary pushed (and hopefully signed) by the AV vendor via an update will get executed on your system without any kind of intervention.

Do you trust your AV vendor like that? I know I would not trust most. I wouldn't trust any AV vendor based in Russia or China because the state essentially controls them (Hello state security apparatus spyware!)

Th

They didn't listen.

[Tablizer]

They should have used anti-virus software ... oh, wait

Re:

[gweihir]

Maybe they should have used Kaspersky...

Re:

[johnsie]

Maybe they already have Kapersky and just don't know it yet ;)

Hackers breach network ..

[najajomo]

“.. researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors”

What was the name of the Operating System these three US-based antivirus software vendors ran on?

What was the name of the these three US-based antivirus software vendors?

Why didn't their AV product detect the breach?

“Fxmsp has claimed that