Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373170 times)

0 Members and 1 Guest are viewing this topic.

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #495 on: November 16, 2011, 11:05:33 AM »
http://www.virustotal.com/community.html

latest comments columns for VT results...

Sent to avast! by one of my friends.
« Last Edit: November 16, 2011, 11:22:54 AM by true indian »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86919
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #496 on: November 16, 2011, 12:36:53 PM »
If only the VT comments column was sent, that doesn't help as you need a sample to analyse, comments are of no use.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #497 on: November 16, 2011, 01:02:33 PM »
Hi DavidR,

Why true indian's comment? Makes no sense. Normally avast gets these hashes anyway, see: http://ore.carnivore.it/malware/engine/virustotal 
As I hope the avast virus analysts will get all the malware there automatically from Engines like VirusTotal, Anubis, CWSandbox to check on. But will they?
Apparently no one there has seen this one yet: http://ore.carnivore.it/malware/hash/b58c7ea56b3343419e7852176fe7ee4d (Avast does not detect),
so we still have to do lots of work for them,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86919
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #498 on: November 16, 2011, 01:11:16 PM »
Well it is hard to read true indian's post, but my interpretation of it is I'm not sure if only the VT comments column information was sent to avast or the file and the comments or what was sent.

Yes they get samples, but A) not in a timely fashion and B) they (avast labs member) reported that there is so much junk in there that it isn't that helpful. Which is why I feel it best not to rely on VT sending any sample and send it directly yourself.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #499 on: November 17, 2011, 09:40:05 AM »
my friend sent the password protected samples  ;)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #501 on: November 19, 2011, 04:06:40 PM »
L.S.

For the first VT file results given in the row in the previous posting. This info could also be interesting for users to know. Ssome more info about the general threat since November 16th last from Cisco's: http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=24212 link info provided by Cisco Threat Outbreak Alert by Cisco threat analysists, so a general mail threat!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #507 on: November 27, 2011, 01:03:36 AM »
Hi folks,

See: http://www.virustotal.com/url-scan/report.html?id=0ae5f16b5624044f5994406e5e1d16ba-1322346824
and
http://sakrare.ikyon.se/log.php?id=19177
see Sucuri detection of mentioned malware:
web site:   -http://www.modeplatsen.se
status:   Site infected with malware
web trust:     Not Blacklisted

Malware found in the URL:
-http://www.modeplatsen.se

Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwjsanon7

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!