Author Topic: CyberCapture  (Read 138065 times)

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2297
Re: CyberCapture
« Reply #225 on: September 09, 2016, 12:00:33 PM »
Hello,
the sample did not do anything malicious in time of run in DeepScreen.

Milos

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture
« Reply #226 on: September 09, 2016, 12:03:50 PM »
Quote from: Milos
Hello,
the sample did not do anything malicious in time of run in DeepScreen.

Milos

But it should be blocked as Evogen[susp]. ??? :P
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6674
  • volunteer
Re: CyberCapture
« Reply #227 on: September 12, 2016, 02:05:05 AM »
I found this file by a single search result. The file has 91,3MB
There are 2 infections in this file.

The Zemana found attached

https://www.virustotal.com/en/file/24f0ef28bcc00d8eb2a2e3881a0a050eec0adbbc6b6a2f4c4b420fb50abd15d7/analysis/1473630666/

I did some tests on this and I just found the Malware.

WINWORD.EXE not detected by Avast. It is also not detected by Zemana.

https://www.virustotal.com/en/file/66ad25b71653e0f985abf64f37daa1dea5b3b585b80c40e30a9913ea7a3c6a77/analysis/1473630804/

CyberCapture would have to deal with a file of this size. Is the analysis of the running time sufficient to take action and determine if this file is malicious?

Offline A. User

  • Sr. Member
  • ****
  • Posts: 388
Re: CyberCapture
« Reply #228 on: September 12, 2016, 01:19:40 PM »
So nice to see this technology. I've posted about it on the Comodo forums and haha, I didn't expect such a reply. Melih (their CEO) basically told me - oh are they going default deny? Because we have patents on Default Deny! Seems he didn't know about CyberCapture before I gave him the link to the blog post. Seems strange to me. LINK for CLICKING :D

REDACTED

  • Guest
Re: CyberCapture
« Reply #229 on: September 12, 2016, 10:09:58 PM »
Quote from: A. User
So nice to see this technology. I've posted about it on the Comodo forums and haha, I didn't expect such a reply. Melih (their CEO) basically told me - oh are they going default deny? Because we have patents on Default Deny! Seems he didn't know about CyberCapture before I gave him the link to the blog post. Seems strange to me. LINK for CLICKING :D

I don't know if they have patents, but they are the perfect troll company.

 
« Last Edit: December 14, 2021, 10:57:04 AM by Eva137 »

REDACTED

  • Guest
Re: CyberCapture
« Reply #230 on: September 12, 2016, 10:13:51 PM »
What is the advantage of running Web Shield, shouldn't the system shield do the same thing more or less?
Does CyberCapture work without the Web Shield installed?

Two questions about CC:
1. Are files uploaded through secure connection?
2. How many files do you get through this feature everyday?

Hi.

ad 1) yes it's encrypted via our specific protocol
ad 2) couple of thousands a day

Couple of thousands a day? Taking into account your user base, isn't this number ridiculously low? It shouldn't be hard to set up servers for tens of thousands of files per day.

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
Re: CyberCapture
« Reply #231 on: September 12, 2016, 10:18:36 PM »
What is the advantage of running Web Shield, shouldn't the system shield do the same thing more or less?
Does CyberCapture work without the Web Shield installed?

Two questions about CC:
1. Are files uploaded through secure connection?
2. How many files do you get through this feature everyday?

Hi.

ad 1) yes it's encrypted via our specific protocol
ad 2) couple of thousands a day

Couple of thousands a day? Taking into account your user base, isn't this number ridiculously low? It shouldn't be hard to set up servers for tens of thousands of files per day.

At this moment in time CyberCapture only targets .exe files which have been downloaded via http(s).

In order for CyberCapture to work the Web Shield MUST be installed with Participate in Avast community enabled (which is by default).

You also need to understand that CyberCapture targets new or unknown files - in the future CyberCapture will trigger on other sources.

So if the file is already uploaded identified by hash, it won't be uploaded again.
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: CyberCapture
« Reply #232 on: September 12, 2016, 10:20:04 PM »
@jefferson sant   this seems like a false positive

First submission 2009-07-15 00:10:12 UTC ( 7 years, 2 months ago )


Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6674
  • volunteer
Re: CyberCapture
« Reply #233 on: September 12, 2016, 10:27:10 PM »
Quote from: Pondus
@jefferson sant this seems like a false positive

First submission 2009-07-15 00:10:12 UTC ( 7 years, 2 months ago )

Thanks. I have also reviewed some now with Hitman Pro and have detected Malware.
« Last Edit: September 12, 2016, 10:38:19 PM by jefferson sant »

REDACTED

  • Guest
Re: CyberCapture
« Reply #234 on: September 13, 2016, 09:28:59 AM »
What is the advantage of running Web Shield, shouldn't the system shield do the same thing more or less?
Does CyberCapture work without the Web Shield installed?

Two questions about CC:
1. Are files uploaded through secure connection?
2. How many files do you get through this feature everyday?

Hi.

ad 1) yes it's encrypted via our specific protocol
ad 2) couple of thousands a day

Couple of thousands a day? Taking into account your user base, isn't this number ridiculously low? It shouldn't be hard to set up servers for tens of thousands of files per day.

At this moment in time CyberCapture only targets .exe files which have been downloaded via http(s).

In order for CyberCapture to work the Web Shield MUST be installed with Participate in Avast community enabled (which is by default).

You also need to understand that CyberCapture targets new or unknown files - in the future CyberCapture will trigger on other sources.

So if the file is already uploaded identified by hash, it won't be uploaded again.

If I disable Avast community I can keep CyberCapture enabled, are you sure it is required? If it is true then it is a bug, since Avast doesn't alert you about this relation and people may think that they are using CC while they are not.

Still, for me the volume of files is extremely low taking into account the volume managed by other companies only in new malware (not any suspicious file like CC should get). There are always other sources, but still CC should be getting much more since it's a good source of 0 day malware.
http://www.securityweek.com/daily-new-malware-count-drops-15000-kaspersky
http://www.redsocks.nl/blog-2/malware-statistics-march-2016/
http://www.pandasecurity.com/mediacenter/press-releases/panda-security-detects-over-225000-new-malware-strains-per-day-in-the-first-quarter-of-the-year/

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - German-language section  <<<
Re: CyberCapture
« Reply #235 on: September 13, 2016, 10:08:30 AM »
Quote from: A. User
So nice to see this technology. I've posted about it on the Comodo forums and haha, I didn't expect such a reply. Melih (their CEO) basically told me - oh are they going default deny? Because we have patents on Default Deny! Seems he didn't know about CyberCapture before I gave him the link to the blog post. Seems strange to me. LINK for CLICKING :D

Sorry, but your link doesn't work for me.
Either the topic got removed or it's located in a closed section.

OT: Seems Comodo forum uses an outdated version of SMF. :o
« Last Edit: December 14, 2021, 10:56:11 AM by Eva137 »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - German-language section  <<<
Re: CyberCapture
« Reply #236 on: September 13, 2016, 10:41:08 AM »
Quote
If I disable Avast community I can keep CyberCapture enabled, are you sure it is required?

Yes, afaik.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline A. User

  • Sr. Member
  • ****
  • Posts: 388
Re: CyberCapture
« Reply #237 on: September 13, 2016, 01:23:49 PM »
Quote from: A. User
So nice to see this technology. I've posted about it on the Comodo forums and haha, I didn't expect such a reply. Melih (their CEO) basically told me - oh are they going default deny? Because we have patents on Default Deny! Seems he didn't know about CyberCapture before I gave him the link to the blog post. Seems strange to me. LINK for CLICKING :D
Sorry, but your link doesn't work for me.
Either the topic got removed or it's located in a closed section.

OT: Seems Comodo forum uses an outdated version of SMF. :o
You have to register on their forums to be able to see it.  ::)
« Last Edit: December 14, 2021, 10:55:39 AM by Eva137 »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: CyberCapture
« Reply #238 on: September 13, 2016, 01:37:19 PM »
Quote
Still, for me the volume of files is extremely low taking into account the volume managed by other companies only in new malware (not any suspicious file like CC should get).

The volume isn't low at all.
CyberCapture currently only checks .exe files.

Avast has a huge database of hashes.
Files are only submitted/checked if they are unknown.
The fewer files are submitted, the more Avast already knows.
Note that it is the amount of files that is low, not the amount of hashes.
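
An added illustration, not part of the original thread and not Avast's code: a small model of the gating that Alikhan's and Eddy's posts describe (both settings on, .exe only, http(s) only, unknown hash only), showing why the number of uploaded files stays far below the number of hash lookups. The `Download` record, `run_funnel` and the sample traffic are hypothetical and constructed for this example.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Download:
    name: str        # file name as saved
    scheme: str      # transport the file arrived over
    content: bytes   # file bytes (constructed sample data)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def run_funnel(downloads, known_hashes, web_shield=True, community=True):
    """Count hash lookups versus actual uploads for a stream of downloads."""
    known = set(known_hashes)          # stand-in for the vendor hash database
    stats = {"seen": 0, "lookups": 0, "uploads": 0}
    for d in downloads:
        stats["seen"] += 1
        # Gate 1: both settings named in the thread must be on (assumption
        # taken from Alikhan's post).
        if not (web_shield and community):
            continue
        # Gate 2: only .exe files fetched over http(s) are in scope.
        if d.scheme not in ("http", "https") or not d.name.lower().endswith(".exe"):
            continue
        digest = sha256(d.content)
        stats["lookups"] += 1
        # Gate 3: a hash already on record is never uploaded again.
        if digest in known:
            continue
        stats["uploads"] += 1
        known.add(digest)              # later copies of this file are now known
    return stats

# Constructed sample traffic: a popular installer repeats, one file is new.
POPULAR = b"popular-installer-bytes"
NEW = b"never-seen-before-bytes"
SAMPLE = (
    [Download("setup.exe", "https", POPULAR)] * 5
    + [Download("tool.exe", "http", NEW)] * 3
    + [Download("notes.pdf", "https", b"pdf-bytes"),
       Download("local.exe", "file", b"usb-copy-bytes")]
)

if __name__ == "__main__":
    print(run_funnel(SAMPLE, known_hashes={sha256(POPULAR)}))
```

Ten downloads produce eight hash lookups but a single upload, because repeated copies and already-known files never leave the machine.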

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CyberCapture
« Reply #239 on: September 13, 2016, 03:12:37 PM »
Quote from: A. User
So nice to see this technology. I've posted about it on the Comodo forums and haha, I didn't expect such a reply. Melih (their CEO) basically told me - oh are they going default deny? Because we have patents on Default Deny! Seems he didn't know about CyberCapture before I gave him the link to the blog post. Seems strange to me. LINK for CLICKING :D

You can expect almost anything from Melih. :)
« Last Edit: December 14, 2021, 10:55:51 AM by Eva137 »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet