Author Topic: "Malware Dumps" on labs.sucuri.net  (Read 2807 times)


REDACTED

  • Guest
"Malware Dumps" on labs.sucuri.net
« on: April 28, 2017, 05:28:14 PM »
Earlier today I did a scan on one website on Sucuri that had an apparent infection on it (which I already wrote about on this forum), and as I checked the Sucuri Labs article about the infection type it gave (http://labs.sucuri.net/db/malware/malware-entry-mwjs160?17), what caught my attention was the "Malware Dump" text window at the bottom of the article. I haven't seen many of those before, so I'm really not sure whether that's some info about the site I scanned or some general stuff, but more than that I wondered whether it's safe to view that stuff in my browser if it indeed is some malicious code, or has it been rendered harmless with something similar to this forum's "code" function?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37613
  • Not a avast user
Re: "Malware Dumps" on labs.sucuri.net
« Reply #1 on: April 29, 2017, 10:19:27 AM »
Quote
I wondered whether it's safe to view that stuff in my browser if it indeed is some malicious code, or has it been rendered harmless with something similar to this forum's "code" function?
Yes   ;)



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: "Malware Dumps" on labs.sucuri.net
« Reply #2 on: April 29, 2017, 11:07:50 AM »
Some time ago, many of the analysis sites had to be excluded as the results could indeed trigger the web shield.

It seems some have learnt to place them in code tags if that function exists on their web site.

Personally I would prefer it if the code examples were done as images, but this isn't really possible when live analysis is being done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33930
  • malware fighter
Re: "Malware Dumps" on labs.sucuri.net
« Reply #3 on: April 29, 2017, 01:28:03 PM »
Hi DavidR,

Agree with you there that a representation of code that could trigger an (even false) alert (even while there is no real payload or live or obfuscated links inside, but enough of the code being exposed to kick up such an alert) should preferably be given as an image.

When links are given to code representations, always at least block them like -http(s) or hXtp(s), so the unaware will not click on them and get startled by an alert which they haven't the expertise to understand. So now when I present a source code analysis from Redleg's fileviewer for website code, for instance (where Redleg has already taken care to break all live links inside the code), I nevertheless break that link when I give it, like -https://aw-snap.info/file-viewer/ etc. or htxps://aw-snap.info/file-viewer/ etc.

Those who then want to see the real contents of the link do not need rocket technology to reconstruct the live link.
At least they then do this knowingly, and I feel I haven't put at risk the unaware or those without relevant knowledge, who do not know what they are doing.

Always remember there are also minors and kids visiting our pages.
Let them come and learn on the avast forums; we are glad to educate them, but at least do this without causing any harm.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: April 29, 2017, 01:30:09 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
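The link-breaking polonus describes above (-http, hXtp, htxp) is the same "defanging" convention analysts use when sharing indicators, and the reverse step ("refanging") is what a reader does knowingly when they want the live link. As an added example that is not part of the original thread or of any vendor's tooling, the Python below defangs live URLs before posting and refangs the scheme variants seen in this thread (plus the common hxxp and [.] forms) back to clickable form. The sample text is constructed; the two URLs in it are the ones quoted in the thread, and the function names are my own.

```python
import re

# Constructed sample post text (not taken from the thread), containing two
# live URLs that appear in the thread above.
SAMPLE_POST = (
    "Redleg's fileviewer is at https://aw-snap.info/file-viewer/ and "
    "the vendor writeup is at "
    "http://labs.sucuri.net/db/malware/malware-entry-mwjs160?17"
)

# A live URL: scheme, then everything up to whitespace or a quote/angle bracket.
_LIVE_URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)

# Splits a live URL into scheme, host and the remainder (path/query/fragment).
_URL_PARTS_RE = re.compile(r"(https?)://([^/?#]+)(.*)", re.IGNORECASE)

# Defanged scheme variants: an optional leading "-" (polonus's "-http(s)"),
# then h + (tt|xx|xt|tx) + p(s), then "://" or the bracketed "[:]//" form.
# Covers http, hxxp, hXtp and htxp in any letter case.
_DEFANGED_SCHEME_RE = re.compile(
    r"(?<!\w)-?h(?:tt|xx|xt|tx)p(s?)(?::|\[:\])//", re.IGNORECASE
)


def defang_url(url: str) -> str:
    """Break one live URL so a browser or web shield will not treat it as a link.

    https://aw-snap.info/x -> hxxps://aw-snap[.]info/x
    """
    m = _URL_PARTS_RE.match(url)
    if not m:
        return url  # not a URL we understand; leave it untouched
    scheme, host, rest = m.groups()
    scheme = "hxxps" if scheme.lower() == "https" else "hxxp"
    host = host.replace(".", "[.]")
    return f"{scheme}://{host}{rest}"


def defang_text(text: str) -> str:
    """Defang every live http(s) URL found in a block of text."""
    return _LIVE_URL_RE.sub(lambda m: defang_url(m.group(0)), text)


def refang_text(text: str) -> str:
    """Reverse the defanging variants above so the URLs become live again.

    Handles -http(s), hxxp(s), hXtp(s), htxp(s), "[:]//", "[.]" and "(.)".
    """
    text = _DEFANGED_SCHEME_RE.sub(
        lambda m: "http" + m.group(1).lower() + "://", text
    )
    return text.replace("[.]", ".").replace("(.)", ".")


def extract_urls(text: str) -> list[str]:
    """Return the live URLs in text after refanging, in order of appearance."""
    return _LIVE_URL_RE.findall(refang_text(text))


if __name__ == "__main__":
    safe = defang_text(SAMPLE_POST)
    print("defanged:", safe)
    print("refanged:", refang_text(safe))
    print("urls:", extract_urls("see -https://aw-snap.info/file-viewer/"))
```

The refang patterns deliberately only accept the handful of scheme spellings listed in the comment; anything more creative (or a "(.)" inside ordinary prose) should be reviewed by hand rather than guessed at, since an over-eager refang is exactly the "live link in front of the unaware" problem the post warns about.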