Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414250 times)



Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #481 on: November 14, 2011, 12:22:55 PM »
Quote
i don't want to risk myself....sorry! :-[....but..i want to improve detection! :-[

Well, that's not how this thread works. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast things worth knowing (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #482 on: November 14, 2011, 12:24:49 PM »
Quote
Well, that's not how this thread works. ;)

Yes i know...but i am sorry...i am just a security freak! :-[ :'(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #483 on: November 14, 2011, 12:52:03 PM »
Hi true indian,

You could send the suspicious link to virus AT avast dot com and as long as the link is up and alive they can run the binary analysis and add detection if found to be malicious.
The analysts should have received them anyway through the channels they use as resources, but some av take a couple of days to be "up to the mark". That is called the vulnerability gap, and it should not be left open too long. Av-solutions are not always overlapping and sometimes complementary. Just check the links you gave here: http://online.us.drweb.com/?url=1 and you see a lot of those you come up with are detected. That is why I have it as a complementary scanner next to avast web rep.
I assume the way Tech intended this thread is to add to detection in a way that one has/downloads a particular undetected file in zipped format and password protected and then send it to virus AT avast dot com with the password to be analyzed and eventually be added to detection. If you want to do that, you should have the VM lab settings for it, know how to work malzilla for instance and run a file in a sandbox environment. You should know how to block script running and be able to determine when to click links or not and you should feel security aware enough,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #484 on: November 14, 2011, 02:49:42 PM »
thanks! for the advice polonus i will try as u said  ;D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #485 on: November 14, 2011, 03:05:43 PM »
Quote
i don't want to risk myself....sorry! ....but..i want to improve detection!
Quote
Well, that's not how this thread works. ;)

Yes i know...but i am sorry...i am just a security freak! :-[ :'(
Then you are not a real security freak   ;D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #487 on: November 14, 2011, 04:21:44 PM »
thanks! polonus good to see avast is detecting them :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #488 on: November 14, 2011, 04:28:05 PM »
Quote
thanks! polonus good to see avast is detecting them :)
wrong name....Pondus and Polonus are not the same   8)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #489 on: November 14, 2011, 04:29:34 PM »
Quote
thanks! polonus good to see avast is detecting them :)
Quote
wrong name....Pondus and Polonus are not the same   8)

;D 8)

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #490 on: November 14, 2011, 05:43:45 PM »
Quote
wrong name....Pondus and Polonus are not the same 8)

HEY! sorry...but that's rhyming ;D 8)...LOL

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #491 on: November 14, 2011, 07:43:14 PM »
Hi true indian,

Well Pondus and polonus are not the same, but they are cooperating here to analyze malicious URLs etc. Pondus gets a lot of information from polonus and polonus gets a lot of information from pondus. And there are more users in this particular group of connoisseurs, as there is Asyn, Dim@rik, spg SCOTT, and a couple of others,

polonus
« Last Edit: November 14, 2011, 07:45:28 PM by polonus »

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Samples missed by avast (VirusTotal links only!)
« Reply #492 on: November 15, 2011, 04:27:30 AM »
Batch Original
(AVAST DETECTED THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=716b077fa6b6994753800f6cad425d0b18fb36408809cb7d6f6a27b9d39a6df7-1321326555

Regular EXE
(AVAST DETECTED THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=7dadbe3fad94cdf27d9bc8c88039cdbaadff0a314a87fddfd512460a2c149fc6-1321326379

EXE Virus with password passavast & encrypted
(AVAST DID NOT DETECT THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=d4af3f1ed1573f9b8cd2eab8b33d3ab18cb02529c8ae1f667a218f47cc442347-1321326498

The following files were made 10/23/2011.
On 10/23/2011, the following files had the following reports:
Original Batch; 5/42, Avast Detects
EXE Virus; 6/43, Avast Does NOT Detect
EXE Encrypted and Password Protected; 1/43, Jiangmin Only, Avast Does NOT Detect

Comodo Results (What it does):
-http://camas.comodo.com/cgi-bin/submit?file=7dadbe3fad94cdf27d9bc8c88039cdbaadff0a314a87fddfd512460a2c149fc6
« Last Edit: November 15, 2011, 04:32:19 AM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Samples missed by avast (VirusTotal links only!)
« Reply #494 on: November 15, 2011, 08:19:51 PM »
Thanks for helping improve detection.
The best things in life are free.