Avast WEBforum

Other => Viruses and worms => Topic started by: dean86 on June 05, 2019, 01:48:28 AM

Title: Avast failing to detect rapidly spreading virus
Post by: dean86 on June 05, 2019, 01:48:28 AM

I have been an Avast user for years at my business and my home and I've always felt well-protected. However, you have been failing to detect a virus (JS/Agent.OCJ) for over 2 weeks now that has been spreading across the Internet like crazy (see https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-passwords-from-4600-sites/). I have left multiple copies using your form but still it goes undetected. Please add the current version of this to your virus definitions.

Thanks,

D

Title: Re: Avast failing to detect rapidly spreading virus
Post by: Pondus on June 05, 2019, 07:33:36 AM

upload and scan file(s) at www.virustotal.com

post link to scan result here




This is the code from github
https://www.virustotal.com/gui/file/7df94d6a4e17876d43b0ac1e8123f253d96db2b558102ff576325e75b40ebe8a/detection

Title: Re: Avast failing to detect rapidly spreading virus
Post by: dean86 on June 05, 2019, 09:15:10 AM

Only 5 detected it. They have done some clever obfuscation by using an md5 hash (I think) for all the data and including this in byte definitions.

https://www.virustotal.com/gui/file/ca91df659056e1c3e52cd88e4f2ac43917a92240c390bd2418f5497a0389ad23/detection

D

Title: Re: Avast failing to detect rapidly spreading virus
Post by: Asyn on June 05, 2019, 09:18:22 AM

Hi, I forwarded it - hope that will speed things up.

Title: Re: Avast failing to detect rapidly spreading virus
Post by: Pondus on June 05, 2019, 09:27:58 AM

Quote from: dean86 on June 05, 2019, 09:15:10 AM

Only 5 detected it. They have done some clever obfuscation by using an md5 hash (I think) for all the data and including this in byte definitions.

https://www.virustotal.com/gui/file/ca91df659056e1c3e52cd88e4f2ac43917a92240c390bd2418f5497a0389ad23/detection

D

obfuscation is in the script writing

you can see pic here of obfuscated and decoded js script
https://gist.github.com/gwillem/866af760afcef583ebed23948cbbc589

Title: Re: Avast failing to detect rapidly spreading virus
Post by: dean86 on June 05, 2019, 09:43:05 AM

That makes it a lot more clear. Thanks for pushing this through. They are loading this onto thousands of servers so I can't imagine the number of users that are getting infected and with such a low detection rate there is a lot of illegal activity going on with the data they are gathering so Avast can make a big difference.

Thanks!

D

Title: Re: Avast failing to detect rapidly spreading virus
Post by: Asyn on June 06, 2019, 07:17:43 AM

Detected now by Avast/AVG as Other:Malware-gen [Trj]. Cheers
https://www.virustotal.com/gui/file/ca91df659056e1c3e52cd88e4f2ac43917a92240c390bd2418f5497a0389ad23/detection