Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 369722 times)

0 Members and 1 Guest are viewing this topic.

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #690 on: April 12, 2012, 07:25:00 PM »
Why report this one as it is updated that many times and the malware will survive just over an hour before it is being closed again, better to have a web- or netshield block? So, senseless action i.m.o.

Well,there is no web or net shield block for this...more ever it is a rogue and it is a critical one even MBAM Detects it we need that in tha avast database  ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #691 on: April 12, 2012, 07:31:44 PM »
Hi true_indian,

How can you create detection for a piece of malware that does not respond any longer or has been closed and what for? You are not knowing what you are talking about. And if you have detection for another older variant what good would it do on the next version? These are generic unclassified malware detections,

polonus
« Last Edit: April 12, 2012, 07:34:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #692 on: April 15, 2012, 05:58:19 PM »
Reported to virus AT avast dot com a variant of W32 solimba

htxps://www.virustotal.com/file/3daef7c43e3d4cfd0f706c155f216c0bb5ea1fc1637e67b6c815daf5fa5231cc/analysis/
and
htxp://zulu.zscaler.com/submission/show/5b1c27f8a0bacb574ba5bdd5289642bb-1334505055

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #693 on: April 15, 2012, 07:13:04 PM »
see: htxps://www.virustotal.com/file/73f9128f37aeb8d1282b8750df727b5fab39e7eb3700361979ee2d9e358714ad/analysis/
and
htxp://zulu.zscaler.com/submission/show/d2dd47258549965563800957c3bbf034-1334509595 (TR/PSW.Fareit.E)

reported to virus AT avast dot com,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #694 on: April 19, 2012, 10:48:40 AM »
See: htxp://zulu.zscaler.com/submission/show/310bdfbdd56857fee5761037a9448c58-1334825007
VT: htxps://www.virustotal.com/file/04e9a0f7a102418967eae889b0ff8e8725f51d81bad14fc8fa6f7b0cf4c01d89/analysis/

reported to virus AT avast dot com,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #697 on: April 28, 2012, 01:07:55 AM »
See: htxp://zulu.zscaler.com/submission/show/6d51102e1c5923a997de688f1ff3871b-1335548167
and htxp://vscan.urlvoid.com/analysis/92a816b15e958aee9c26d6a756c0c86b/ZG5mLWV4ZQ==/

TR/Dldr.Delphi.Gen reported to virus AT avast dot com,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Mr Wrong

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #698 on: April 28, 2012, 08:47:50 PM »
Quote
Quote from:Pondus on Yesterday at 08:09:28 PM
did you send the sample to avast?

Of course I've sent.
« Last Edit: April 28, 2012, 08:53:38 PM by Mr Wrong »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #699 on: April 28, 2012, 11:19:22 PM »
Detection missed for Trojan.SuspectCRC, see: htxp://zulu.zscaler.com/submission/show/3b1e347a8ee11ab1061bf2fd647083ff-1335647081
See: hxtp://vscan.urlvoid.com/analysis/dae13e232acaa1cce12d4b608de01540/dXBkYXRlLXVwZA==/
VT results: htxps://www.virustotal.com/file/bc675a110dd06174b5b2e1102576fd6becba71b91b9c0f8c64d6073f2709c8cb/analysis/
reported to virus AT avast dot com,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #701 on: April 29, 2012, 07:25:07 PM »
See: htxp://zulu.zscaler.com/submission/show/b17a92cfbde005a450a6866f77668513-1335719417
Found here: hxtp://wepawet.iseclab.org/view.php?hash=9780abb65c19255633e7a5bd7fb25377&t=1335719822&type=js
See: hxps://www.virustotal.com/file/374a11472c3d4a869eaef8bd322ed0f73f6f7b2a8cb8d41632fb385ff798e786/analysis/

reported to virus AT avast dot com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #702 on: May 02, 2012, 03:23:42 PM »
Trojan downloader Banload variant: htxps://www.virustotal.com/url/9c4b70ddfea087abed2b35d8ad1d809d5004de944baa9c5aff5353b61fb950ff/analysis/1335964615/
see: htxps://www.virustotal.com/file/a25731ff295e96bb082faacd2582d7b803908a65e487ab02185c69272d60c86c/analysis/

reported to virus AT avast dot com
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #704 on: May 05, 2012, 04:05:02 PM »
Hi Pondus,

Good find, my friend. I went to that site with malzilla and took the attached picture of the malicious code.
Detected were:
- Detected BlackHole exploit kit HTTP GET request
- Detected Live BlackHole exploit kit
- Detected malicious injected iframe
That is why this stays my favorite URL scanner to verify BlackHole issues: http://urlquery.net/report.php?id=51148

And again it is of the utmost importance for all users here to keep their OS and 3rd party software fully updated
and fully patched, so blackhole could not do any harm via vulnerable software exploits to their comps.
Use the online scanner here to see if you are not vulnerable: http://secunia.com/vulnerability_scanning/online/


polonus
« Last Edit: May 05, 2012, 04:13:45 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!