Hi, remember me?...
Ever read through your spam sometimes to see what's popular? Of course you may also get a fresh serving of malware, which makes it very worthwhile.
"Hi, remember me?..
new fotos(archived) you asked ;))
hxxp://lightfly.de/My_foto.exe
kiss,
Angella O."
Well, no, I don't remember an Angella that I have met recently, particularly not someone who might send me photos. But I'll bite. A simple wget scores me an exe. VirusTotal results are depressingly consistent: 4/32.
Engine             Version    Updated     Result
AntiVir            7.8.0.11   2008.05.02  TR/Crypt.XPACK.Gen
CAT-QuickHeal      9.50       2008.05.01  (Suspicious) - DNAScan
eSafe              7.0.15.0   2008.04.28  Suspicious File
Webwasher-Gateway  6.6.2      2008.05.02  Trojan.Crypt.XPACK.Gen
Additional information
File size: 167936 bytes
MD5: cb1de4847ca840f8837fc8381ec6b0cb
SHA1: 26c018e4968e6dc092d5389759e939f741bb66b3
So, only generic detection when the file was first seen; how about 12 hours later? Nope, same results.
Cheers,
Adrien de Beaupré
Bell Canada
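As an added example (not code from the diary or its commenters), a small Python triage helper: it parses the VirusTotal lines quoted above into records, separates generic or heuristic verdicts from family-named ones, and checks a re-downloaded file against the published MD5/SHA1 so that a repeat scan is known to be the same binary rather than a swapped one. The engine count of 32 is taken from the diary's 4/32; the marker list is an assumption.

```python
import hashlib
import re
from dataclasses import dataclass

# VirusTotal detection lines as quoted in the diary: engine, version, update date, verdict.
VT_LINES = """\
AntiVir 7.8.0.11 2008.05.02 TR/Crypt.XPACK.Gen
CAT-QuickHeal 9.50 2008.05.01 (Suspicious) - DNAScan
eSafe 7.0.15.0 2008.04.28 Suspicious File
Webwasher-Gateway 6.6.2 2008.05.02 Trojan.Crypt.XPACK.Gen
"""
ENGINES_SCANNED = 32  # the diary reports 4/32 engines
DIARY_MD5 = "cb1de4847ca840f8837fc8381ec6b0cb"
DIARY_SHA1 = "26c018e4968e6dc092d5389759e939f741bb66b3"

# Assumed markers: verdicts like these say "packed/odd", not which family it is.
GENERIC_RE = re.compile(r"\b(gen|generic|heur|suspicious|dnascan)\b")


@dataclass
class Detection:
    engine: str
    version: str
    updated: str
    verdict: str

    def is_generic(self) -> bool:
        return GENERIC_RE.search(self.verdict.lower()) is not None


def parse_vt(text: str) -> list:
    """Parse 'engine version yyyy.mm.dd verdict...' lines; skip anything else."""
    dets = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)  # verdict may contain spaces
        if len(parts) == 4 and re.fullmatch(r"\d{4}\.\d{2}\.\d{2}", parts[2]):
            dets.append(Detection(*parts))
    return dets


def summarize(dets: list, total: int) -> dict:
    """Detection rate plus the engines that named a family (not just 'generic')."""
    return {"hits": len(dets), "total": total, "rate": len(dets) / total,
            "family_named": [d.engine for d in dets if not d.is_generic()]}


def fingerprint(data: bytes) -> tuple:
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def hashes_match(data: bytes, md5: str, sha1: str) -> bool:
    """True only if a (re)downloaded file is the exact binary that was scanned."""
    return fingerprint(data) == (md5.lower(), sha1.lower())
```

If a second download of the same URL fails hashes_match, the server handed out a different binary and the earlier scan results no longer apply to it.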
Comments
The sample was changed right after your download (Rem: we already see servers that change the binary every 30 mins!)
Every sample is well tested against all known AV so that generic detection will not fire!
NO AV-Vendor will ever be able to write a signature against that sample, unless you send that sample, and if he does, he will publish a signature to millions of users for which that signature is simply useless! We already have over 700,000 detections in F-Secure and I personally expect over 1.3 million until end of 2008!
If you want to be protected you need a good HIPS based behavioral blocking!
Install the ISTP (Internet Security Technology Preview) from F-Secure http://support.f-secure.com/beta/istp/is2009beta.shtml and START that EXE.
THAT is the future of how to combat malware! No more "scan-before-start"! It is just "monitor-while-running"
So please stop complaining about AVs not detecting unless you run that malware while you are protected by that AV!
BTW: AV-Vendors meet these days in Amsterdam to discuss new AV-testing. See http://www.amtso.org/
MysticJay
May 2nd 2008
nog_lorp
May 2nd 2008
MysticJay
May 3rd 2008