Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414279 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #870 on: December 06, 2012, 11:39:23 AM »
Hi Tonanet,

It is being flagged here: http://www.isthisfilesafe.com/sha1/80DD271CB1A9A52A7467B15D16AA4D8DF447D398_details.aspx
Could it be that the avast shields flag it?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #871 on: December 06, 2012, 12:01:41 PM »
Hi !Donovan,

I went after the IDS alert for "Detected live KaiXin exploit kit" at urlquery.net and saw that DrWeb has a very good detection rate for this exploit kit malware.

htxp://adsup.co.kr/pgm/  avast detects here:  https://www.virustotal.com/file/5004b899bc5c8dd17e3b54cf28f930484e9f1e6c36de1a28a61de2c9cd61cc76/analysis/
htxp://204.13.71.29/home/flash.html  I get "The network link was interrupted while negotiating a connection." Must be ZeroExploit shield intervening or ABP malware block list enabled...
These are the IDS sigs: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17956 (info author = gmane)
Emerging Threats Daily Rulesets update: http://www.emergingthreats.net/2012/11/

polonus

Offline Tonanet

  • Sr. Member
  • ****
  • Posts: 353
  • I'm a llama!
Re: Samples missed by avast (VirusTotal links only!)
« Reply #872 on: December 06, 2012, 12:21:51 PM »
Hello Polonus,

Thanks for the reply.

It seems to be a new file, as this one isn't detected by Avast, AVG or Panda with the latest definitions...

Thanks for your time,

Tonanet

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #873 on: December 06, 2012, 12:30:42 PM »
Hi Tonanet,

Yes, will be reported to virus AT avast dot com,

polonus

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #874 on: December 17, 2012, 11:40:50 AM »
New Unknown Malware: http://certcc.ir/index.php?name=news&file=article&sid=2293

According to Crysis it's a batch wiper...

Reported all samples to virus AT avast DOT com.  8)

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #875 on: December 17, 2012, 01:01:13 PM »
See: http://labs.alienvault.com/labs/index.php/2012/batchwiper-just-another-wiping-malware/?utm_source=rss&utm_medium=rss&utm_campaign=batchwiper-just-another-wiping-malware (article author = Jaime Blasco). Quote from Jaime Blasco:
Quote
We don’t have details about the infection vector but based on the dropper it could be deployed using USB drives, internal actors, SpearPhishing or probably as the second stage of a targeted intrusion.

pol

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #876 on: December 17, 2012, 07:09:48 PM »
Latest update on that malware news: http://www.securelist.com/en/blog/208194052/GrooveMonitor_Another_Wiper_Copycat  (article author = Roel)
Malware does not function on 64-bit Windows apparently,

polonus

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #878 on: December 20, 2012, 12:22:57 AM »
Hi mrapi,

Here I also get a zero flag result: http://f.virscan.org/ezcddax.zip.html
As it is crack MS it should be suspicious by nature,

polonus

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #879 on: December 22, 2012, 04:36:56 AM »



true indian

  • Guest
« Last Edit: December 28, 2012, 04:23:28 AM by true indian »
