Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373165 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #915 on: December 29, 2012, 01:30:08 AM »
Hi DavidR,

Prior to reporting any missed detection here or in any other thread on the avast webforums I have reported to virus AT avast dot com when I thought that would help. This should be priority one.
I know these reports are/were helpful. I would encourage others to do likewise. We are with many here.
Sending samples will help, sending suspicious URIs will help.
Someone there should use the material towards better shield blocking, better script alerts, follow the IDS implementation consequences etc. etc.
I am certain that our efforts here have helped towards avast detection. The expertise achieved over time in website content analysis, potential suspicious script analysis, website software vulnerabilities and attack pattern awareness has helped avast detection.
Also know that malware removers in training are being sent here for instruction (also, for instance, to !Donovan's site) and so the mutual efforts bring results,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86919
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #916 on: December 29, 2012, 02:16:58 AM »
I'm not talking about any other actions other than this topic.

The effort of posting here achieves nothing, as has been confirmed by a member of the virus labs; the only thing that helps them is the receipt of samples. So those that are doing it have already played a part that this topic simply can't achieve.

What is done outside of this topic doesn't justify or sanction this topic as being useful to avast in getting 'samples' added to the definitions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #917 on: December 29, 2012, 05:04:06 AM »
Hi true indian,

Found that here: 2012-12-26     [D] carlahahn dot de/jqYnYs8B.exe    1FE5C899B8DF52C198B1582CE15B30A4    39D96ED5A5DBFFF3A2EF5782851541356070AA8E    284672    82.165.87.2    M TE R MG UQ Data from VX Vault
DrWeb URL checker detects: Checking:htxp://carlahahn.de/jqYnYs8B.exe
Engine version:7.0.4.9250
Total virus-finding records:3513894
File size:277.50 KB
File MD5:4ff9db792185de2457cb3c6ddc91da53

htxp://carlahahn.de/jqYnYs8B.exe packed by FLY-CODE
>htxp://carlahahn.de/jqYnYs8B.exe probably infected with Trojan.Packed.196

polonus

Hi Pol,
Now Avast! Network shield is actively blocking this URL after I reported the URL and the sample  8)


spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #919 on: December 29, 2012, 09:09:45 AM »
Nice thanks for sharing  ;)


Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #921 on: December 29, 2012, 02:00:12 PM »
Hi Chabbo,

What I discussed on so-called "long overdue" does not concern riskware and particular adware, as the avast PUP or riskware detection does not show in VT results generally. That is why I stated that VT results do not give a good picture of all that avast av detection covers (PUP-detection, avast various shields' detection, etc.). So VT results as a means are not the right tool to measure av detection and av detection patterns.
Then there is also the vulnerability window to be considered. At the beginning there is one, or there are two, three av solutions that detect, then others follow within a couple of hours to a couple of days for the av solutions that are slow to pick up. When 5 av solutions detect we speak of 100/100 % malware (zulu Zscaler).
Then we have malware that is being launched uniquely every time. There the launch sites or migration sites should be blocked, period. Malware knows various ways to circumvent detection and that is an ongoing chess game between the good and the dark forces on the "Interwebs".
Furthermore we have potential suspicious files, detected by the fact that some script is running with anomalies; together with IDS alerts, other sources of malcreation can be determined and listed (Quttera's, wepawet, file viewers, urlquery etc.). Then there are blocklists where blocked ranges are only to be lifted if proven to be benign over some timespan (Google Safebrowsing for instance). Another factor is the possible insecurity of websites and how easily they could be (re-)infected (sucuri scans, safersite, dorks, vendor vulnerability lists) because of server abuse through misconfiguration or outdated website software or bugs in the website software.
There we are running behind the facts always and all of the time because there is an enormous amount of unawareness from website owners/website admins and hoster staff even as to how to protect the average user from getting infected by visiting their infestious websites. And then we have to add malware launching sites per se driven by cybercrime and co on bulletproof and FastFlux webservers with malware that is hard to close down. Here in-browser added security through extensions like NoScript and RequestPolicy could protect the browser user to quite an extent.

So as the odds are against us, still with the right insight users can be online free of malware for years and years. To educate others how to achieve this is why we are here and do what we do,

polonus
