Author Topic: Worm:JS/Bondat not detected (Read 2815 times)

REDACTED · « **on:** September 09, 2018, 08:52:29 PM »

I've foud a worm detected by MS Defender as Worm:JS/Bondat that doesn't get detected by Avast.
This worm infects mainly in thumb drives

https://drive.google.com/file/d/17sVUA6GrW1EeiMJmh4mAtPQ3vtOLikyN/view?usp=sharing (password: virus)

polonus · « **Reply #1 on:** September 09, 2018, 10:53:51 PM »

Here on VT avast does not detect this: https://www.virustotal.com/pl/file/c823dfff4415a07b6c738e5cc8cad1282d1f2f54ab50c8206fe5763f2bc56bdb/analysis/

But it could well be it detects in pup-mode. It is Bitcoin virus, so a mining blocker will help: -myvtfile.exe is a sort of malicious software that mines digital currency. -> https://www.fortinet.com/blog/threat-research/the-growing-trend-of-coin-miner-javascript-infection.html

polonus

Asyn · « **Reply #2 on:** September 10, 2018, 10:42:26 AM »

You can report a suspicious/malicious sample (File/Website) here: https://www.avast.com/report-malicious-file.php

savcin · « **Reply #3 on:** September 10, 2018, 01:02:32 PM »

Detection has been created.

REDACTED · « **Reply #4 on:** September 10, 2018, 01:30:56 PM »

Thank you all!

@asyn the file has been sent through this link, but since it doesn't provide any feedback I thought that a forum post could provide feedback to other users with the same issue.

Pondus · « **Reply #5 on:** September 11, 2018, 12:23:46 AM »

Quote from: polonus on September 09, 2018, 10:53:51 PM

Here on VT avast does not detect this: https://www.virustotal.com/pl/file/c823dfff4415a07b6c738e5cc8cad1282d1f2f54ab50c8206fe5763f2bc56bdb/analysis/

But it could well be it detects in pup-mode. It is Bitcoin virus, so a mining blocker will help: -myvtfile.exe is a sort of malicious software that mines digital currency. -> https://www.fortinet.com/blog/threat-research/the-growing-trend-of-coin-miner-javascript-infection.html

polonus

Not bitcoin related

Info >> https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AJS%2FBondat

Quote

Payload
Steals information about your PC

The worm collects information about your PC, including:

Malware version
User name
Computer name
Product ID
Infection GUID
Language/localization (for example, "0409" for "en-us")
Operating system version (for example, "5.1.2600.0")
This information is encoded using the RC4 algorithm, plus another custom encoder, and sent to a remote server through HTTP POST. The server's URL is hardcoded in the malware body.

Symantec info >> https://www.symantec.com/security-center/writeup/2015-021912-5112-99

Asyn · « **Reply #6 on:** September 11, 2018, 05:16:48 AM »

Quote from: Oteacher on September 10, 2018, 01:30:56 PM

@asyn the file has been sent through this link, but since it doesn't provide any feedback I thought that a forum post could provide feedback to other users with the same issue.

OK, thanks for the report.

Author Topic: Worm:JS/Bondat not detected (Read 2815 times)

REDACTED

Worm:JS/Bondat not detected

polonus

Re: Worm:JS/Bondat not detected

Asyn

Re: Worm:JS/Bondat not detected

savcin

Re: Worm:JS/Bondat not detected

REDACTED

Re: Worm:JS/Bondat not detected

Pondus

Re: Worm:JS/Bondat not detected

Asyn

Re: Worm:JS/Bondat not detected