Author Topic: Question (Read 11200 times)

Michael (alan1998) · « **on:** January 03, 2014, 01:52:23 AM »

Hi, I do malware sampling with Steven and Polonus. I found 15 undetected files all for Linux. Where do I report them and too who? I'm using Avast! for Windows. So that'd be useless.

Asyn · « **Reply #1 on:** January 03, 2014, 05:30:21 PM »

Quote from: alan1998 on January 03, 2014, 01:52:23 AM

I found 15 undetected files all for Linux. Where do I report them and too who?

Report them to: virus[at]avast.com

Michael (alan1998) · « **Reply #2 on:** January 03, 2014, 07:13:44 PM »

That's what I thought. Thanks Asyn

Asyn · « **Reply #3 on:** January 03, 2014, 07:40:28 PM »

You're welcome.

MAG · « **Reply #4 on:** January 05, 2014, 02:43:05 PM »

Quote from: alan1998 on January 03, 2014, 01:52:23 AM

Hi, I do malware sampling with Steven and Polonus. I found 15 undetected files all for Linux. Where do I report them and too who? I'm using Avast! for Windows. So that'd be useless.

That's a lot of Linux specific malware.

Do you think you could also submit them to virustotal and post back the links so that we can see what and who is detecting?

Thanks

Michael (alan1998) · « **Reply #5 on:** January 05, 2014, 03:12:14 PM »

Hi Mag,

As I am not at my primary machine and on a very unsecure system right now I cannot. Steven Winderlich asked for the DL and to do Malware Analysis. He might be able to post VT links. If not It'll take me 2ish hours to get them for you.

Note: As I am not familiar with Linux malware, I don't know what an "exe" file is in comparison to windows. So the rest of the files might just be random files.

Secondmineboy · « **Reply #6 on:** January 05, 2014, 03:49:51 PM »

MAG · « **Reply #7 on:** January 05, 2014, 04:51:01 PM »

Many thanks for taking the time to do this.

Secondmineboy · « **Reply #8 on:** January 05, 2014, 04:53:20 PM »

No problem.

These are script files i think, so they are executed in Terminal or via browser.
Or maybe with some else program. Cant get them to run here under Ubuntu 13.10 with latest updates.

Secondmineboy · « **Reply #9 on:** January 05, 2014, 05:06:46 PM »

One of the malware files is running in memory. (Screenshot)

Also Ubuntu is unable to connect to my GMail Account. (Screenshot)

MAG · « **Reply #10 on:** January 05, 2014, 08:49:46 PM »

I'm no malware expert, but when I come across references to linux malware I try to check to see which scannners detect it. This sample doesn't imply any reason to switch from my current scanner (comodo).

Thanks again.

Abraxas · « **Reply #11 on:** January 12, 2014, 09:39:54 PM »

I think you'll find you have a bunch of False Positives.

(EDIT:Steven Winderlich I take it you're running windows, and Ubuntu as a Dual Boot setup, and have scanned your Linux partition with Avast! for Windows ?
Try installing the Linux scanner into Ubuntu, and running it.
It's very uncommon to have anything but 'Windows' viruses in Linux, which are harmless, and can be simply cleaned using Avast4Linuxworkstations. )
Regards,

Tony.

This is a problem relating to a URL we had a while back.

The best action to take is described in my quote:
http://forum.avast.com/index.php?topic=141439.msg1032132#msg1032132

Quote from: Abraxas on December 07, 2013, 06:36:52 PM

When faced with your Web site being deemed to contain Malware, or a problem with Avast! (generally for Windows) blocking access to your site please report it immediately to Avast! Support [AVAST Software a.s.] https://support.avast.com/Tickets/Submit/RenderForm

I found their direct intervention the quickest way to resolve such issues, the forum next to useless.

Choose your Problem
Submit a Ticket
Get a direct and fast response.

Having a site blocked needs to be quickly remedied, it may cost you customers, exposure, etc. as is reasonable to expect.
The Direct approach I found technically pertinent in clearing the instance of a False Positive.
Using the Avast Support Forum cost time, lots of it, and custom.

I hope this may help others who may have a problem, as I once did .

Secondmineboy · « **Reply #12 on:** January 24, 2014, 11:10:44 PM »

Hi Abraxas,

no this is a virtual machine created with virtualbox, i would never ruzn Linux Malware on a dualboot system.

But maybe i will set up a Linux system like OpenSUSE or something
on my grandpas computer and maybe i will head over to linux too. But im not sure yet.

Abraxas · « **Reply #13 on:** January 26, 2014, 08:49:54 PM »

Hi Steven Winderlich,

you may have confused some issues raised by the OP.
alan1998:

Quote

Hi, I do malware sampling with Steven and Polonus. I found 15 undetected files all for Linux. Where do I report them and too who? I'm using Avast! for Windows. So that'd be useless.

Quote

Note: As I am not familiar with Linux malware, I don't know what an "exe" file is in comparison to windows. So the rest of the files might just be random files.

To clarify that statement, linux does not use 'exe' files.
This whole post is rather confused and misleading: Statements such as Linux Malware need to be backed up with a running Linux DE, stating found Malware, and why it is thought to be Linux Malware, which is quite an involved task. Much moreso than processing what is known Windows Malware

I believe what you're seeing is Windows Malware, running in virtualbox, in or your Host Windows.

All viruses found by us running on our Linux DE's are Windows viruses, which are unable to execute, as they are based on an"exe" file, which don't run in linux.

The main purpose of running a Virus scanner like Avast!4linuxworkstations is so as not to transmit windows executable malware from a Linux system, to a friend who is using Windows. Transmission can be made via Email, or file sharing, etc.

Best Regards,

Abraxas

Michael (alan1998) · « **Reply #14 on:** February 07, 2014, 07:49:16 PM »

Quote from: Abraxas on January 26, 2014, 08:49:54 PM

Hi Steven Winderlich,

you may have confused some issues raised by the OP.
alan1998:
Quote
Hi, I do malware sampling with Steven and Polonus. I found 15 undetected files all for Linux. Where do I report them and too who? I'm using Avast! for Windows. So that'd be useless.
Quote
Note: As I am not familiar with Linux malware, I don't know what an "exe" file is in comparison to windows. So the rest of the files might just be random files.
To clarify that statement, linux does not use 'exe' files.
This whole post is rather confused and misleading: Statements such as Linux Malware need to be backed up with a running Linux DE, stating found Malware, and why it is thought to be Linux Malware, which is quite an involved task. Much moreso than processing what is known Windows Malware

I believe what you're seeing is Windows Malware, running in virtualbox, in or your Host Windows.

All viruses found by us running on our Linux DE's are Windows viruses, which are unable to execute, as they are based on an"exe" file, which don't run in linux.

The main purpose of running a Virus scanner like Avast!4linuxworkstations is so as not to transmit windows executable malware from a Linux system, to a friend who is using Windows. Transmission can be made via Email, or file sharing, etc.

Best Regards,

Abraxas

Re-Read what I said again. I said "I don't know what an "exe" file in comparison to Linux is.

Some file must have the properities to be luanched right? Whatis that file extension? Windows is .exe or .jar.

Hence, I don't know if it's malware. 3 of the files where detected already. It came inside a ZIP folder into my Windows PC. They were included. Like for FRST to run a fixlist. It has to be in the same location.

Also, why did you bring back an old thread when it had aslready been dealt with?

Author Topic: Question (Read 11200 times)

Michael (alan1998)

Question

Asyn

Re: Question

Michael (alan1998)

Re: Question

Asyn

Re: Question

MAG

Re: Question

Michael (alan1998)

Re: Question

Secondmineboy

Re: Question

MAG

Re: Question

Secondmineboy

Re: Question

Secondmineboy

Re: Question

MAG

Re: Question

Abraxas

Re: Question

Secondmineboy

Re: Question

Abraxas

Re: Question

Michael (alan1998)

Re: Question