Author Topic: Crypt0L0cker!!!(Zero DAY)  (Read 2842 times)


Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
« Last Edit: March 18, 2017, 12:27:26 PM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: Crypt0L0cker!!!(Zero DAY)
« Reply #2 on: March 19, 2017, 05:08:27 AM »
Downloaded file is detected as VBA:Downloader-ESI[Trj] by avast, so we are good :) The downloader that Be Secure posted is not detected, but we should be protected since the downloaded file is caught.

This is a downloader that tricks the user into downloading from their site. Looks like malware writers weren't getting people to download it from their site, so they made this downloader. I had reported this URL yesterday night to avast at 9:28 IST.

We are protected; avast now detects the downloaded file.
« Last Edit: March 20, 2017, 07:44:05 AM by HonzaZ »

Offline Be Secure

Re: Crypt0L0cker!!!(Zero DAY)
« Reply #3 on: March 19, 2017, 05:24:49 AM »
Downloaded file is detected as VBA:Downloader-ESI[Trj] by avast, so we are good :) The downloader that Be Secure posted is not detected, but we should be protected since the downloaded file is caught.

This is a downloader that tricks the user into downloading from their site. Looks like malware writers weren't getting people to download it from their site since I had reported this URL yesterday night to avast at 9:28 IST.

We are protected; avast now detects the downloaded file.
Thanks for the info. @TrueIndian :)

Offline TrueIndian

Re: Crypt0L0cker!!!(Zero DAY)
« Reply #4 on: March 19, 2017, 05:28:20 AM »
Here is the URL of the downloaded file. This was already reported yesterday and detected with today's VPS:
https://www.virustotal.com/en/url/75efa482d1c4b701afbc46a49924eb0f7a255aa887e04bfecf81dcbe8f62f348/analysis/1489897627/

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Crypt0L0cker!!!(Zero DAY)
« Reply #5 on: March 19, 2017, 12:59:30 PM »
Just because VT doesn't detect it, that doesn't mean it's not detected. VT doesn't use half of the cloud capabilities and it also doesn't use Behavior Shield at all.
Visit my webpage Angry Sheep Blog

Offline TrueIndian

Re: Crypt0L0cker!!!(Zero DAY)
« Reply #6 on: March 19, 2017, 05:26:38 PM »
Just because VT doesn't detect it, that doesn't mean it's not detected. VT doesn't use half of the cloud capabilities and it also doesn't use Behavior Shield at all.

Yes, that is exactly why VirusTotal is unreliable as a source of detection :)