Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 377358 times)

0 Members and 1 Guest are viewing this topic.

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #840 on: September 26, 2012, 01:42:28 PM »
@ sality

Have you sent the files to avast! labs via e-mail or from the chest??

Win32:Sality

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #841 on: September 26, 2012, 02:00:48 PM »
Yep, I send yesterday.

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #842 on: September 26, 2012, 02:24:48 PM »
Yep, I send yesterday.

yes thats good...keep sending them if they are not detected  :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #843 on: September 26, 2012, 06:14:53 PM »
These temp files were never found to ne malicious: http://www.threatexpert.com/files/100.exe.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Win32:Sality

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #844 on: September 27, 2012, 08:58:20 AM »
Yes, virustotal said it's clean, but i started it on my virtual machine, and it was weird. I send it to the avast too.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #845 on: September 27, 2012, 12:54:16 PM »
New Dorifel-variant downloading the zero access rootkit not detected: https://www.virustotal.com/file/6d32a06be42f9c9b09038279d5121c8f9edd3fc3d5c670f3691d20d92dcddbff/analysis/1348728915/#additional-info

Time for TDSS killer investigations from our malware removal experts, zero access rootkit to perform clickfraud is a mighty nasty threat at the moment going under the av radar. The new Dorifel variants seems to be more aggressive as the former...
Malware produces a new unique hash making it harder to detect, This domain was registered: https://forum.perfect-privacy.com/member.php/?u=4578
The ransom hijacker uses a picture of Mohamed Ali, formerly known as Cassius Clay  A special Dorifiel decrypter should be used for the encrypted documents:
http://www.surfright.nl/nl/support/dorifel-decrypter. Information from SurfRight's and kudo's go to Mark Loman and Fabian Wosar...

polonus

P.S. Regarding Perfect Privacy Forum, like to add the following security information: 
web bug detector gives a webbug on that very page: https://forum.perfect-privacy.com/member.php/cron.php?s=073e2639f73d26cb026449410960b785&rand=1351336814 
so that is not very encouriging for establishing the right privacy circumstances,
and makes the site vulnerable to attacks, see: http://drupal.org/node/1080486 (link article author Drew Mathers).
It should be protected from the protect it from the webserver layer.
Executing code on your webserver from remote is always a security risk.
cron.php only runs once, so the risk is not that extreme,
but users of Drupal should be aware to not give access.
Renaming cron.php is no option, because it is security through obscurity.

Private cache control is alerted for not following best practice, no secure attribute for cookie bb sessionhash
settings not secure for x-content-type-options N/A   x-xss-protection N/A x-frame-options   
N/A   x-content-security-policy   N/A   strict-transport-security   N/A   
Check this yourself using the Recx Security Analyzer extension on that page.
Privacy ratting does not go further as a meagre 70,

Damian
« Last Edit: October 27, 2012, 01:39:37 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

true indian

  • Guest

true indian

  • Guest

true indian

  • Guest

true indian

  • Guest

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #850 on: October 12, 2012, 03:35:13 PM »

true indian

  • Guest

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #852 on: October 14, 2012, 12:36:45 PM »
Good catch. :)
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #853 on: October 14, 2012, 12:48:48 PM »
As an Update to my previous detection of Iframe.The site that is loaded by the Iframe is already detected: http://vscan.novirusthanks.org/analysis/6674455f2c5206efa75a21c86081a339/dGVzdC1odG0=/

So we should be protected anyway.

true indian

  • Guest