Author Topic: Fun! I found a 0-day virus  (Read 972 times)


devnullius

  • SCF VIP Member
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Fun! I found a 0-day virus
« on: 10. August 2014., 14:11:37 »
VIRUS download: https://app.box.com/s/y9l9cay87miuctwup0e6 (yes: you will download a virus!)

What happened? https://twitter.com/search?q=%40devnullius%20%40bitonicactie&src=typd

First contact with them: https://twitter.com/devnullius/status/498207835638206464 (a good 16 hours ago).

At that time, I did an online scan: only 5 antivirus programs detected it correctly as a virus... ONLY FIVE!

16 hours later I went back to https://www.virustotal.com/en/file/6c01ebfb26392ce6b3aa8b84503b54097c6e66ede07a7c69fc49decd06cc1d3f/analysis/1407674211/ . Virustotal recognized the file; last result (I did not write down the timestamp) was 10 positives. Now, 16 hours later, it is detected by 16/54 antivirus programs...


This is the current hall of fame - I'm SO SAD I cannot look back at my first report... I'd love to have named the top 5.

Engine                 Detection name                                  Signature date
AVG                    MSIL4.ATHU                                      20140810
AntiVir                TR/Injector.ESH                                 20140810
Avast                  Win32:Malware-gen                               20140810
Baidu-International    Trojan.MSIL.Injector.BESH                       20140810
ESET-NOD32             a variant of MSIL/Injector.ESH                  20140810
GData                  Win32.Trojan.Agent.59ODL0                       20140810
Ikarus                 Trojan.MSIL.Injector                            20140810
Kaspersky              Backdoor.Win32.DarkKomet.dhvk                   20140810
Malwarebytes           Trojan.Ransom.Blocker                           20140810
McAfee                 Artemis!C2F70FAFB4F9                            20140810
Qihoo-360              Malware.QVM03.Gen                               20140810
Rising                 PE:Trojan.Win32.Generic.171AB029!387625001      20140810
Sophos                 Mal/DotNet-C                                    20140810
Symantec               Trojan.Gen.2                                    20140810
TotalDefense           Win32/DotNetInject.F!generic                    20140810
TrendMicro-HouseCall   TROJ_GEN.R047H08H914                            20140810

I do remember Avast detected it, together with Kaspersky. I don't remember seeing McAfee there, but I could be mistaken...! I think AVG was correct too. All in all, alarms really went off when I saw the 5 AVs recognizing it: they were the better AVs, I thought, so very worrisome!

Programs still not recognizing it:
Engine                 Signature date
AVware                 20140810
Ad-Aware               20140810
AegisLab               20140810
Agnitum                20140809
AhnLab-V3              20140810
Antiy-AVL              20140810
BitDefender            20140810
Bkav                   20140808
ByteHero               20140810
CAT-QuickHeal          20140809
CMC                    20140809
ClamAV                 20140810
Commtouch              20140810
Comodo                 20140810
DrWeb                  20140810
Emsisoft               20140810
F-Prot                 20140810
F-Secure               20140810
Fortinet               20140810
Jiangmin               20140810
K7AntiVirus            20140808
K7GW                   20140808
Kingsoft               20140810
McAfee-GW-Edition      20140809
MicroWorld-eScan       20140810
Microsoft              20140810
NANO-Antivirus         20140810
Norman                 20140809
Panda                  20140810
SUPERAntiSpyware       20140804
Tencent                20140810
TheHacker              20140808
TrendMicro             20140810
VBA32                  20140808
VIPRE                  20140810
ViRobot                20140810
Zoner                  20140729
nProtect               20140810


Domain information for bitcomin.com (http://www.whois.net/whois/bitcomin.com):
Registry Registrant ID:
Registrant Name: José Castrellón
Registrant Organization: CyberCast
Registrant Street: Ricardo J. Alfaro, El Dorado
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 0819-06448
Registrant Country: PA
Registrant Phone: +507.3014841
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: domains@sky-ip.com

Be safe you all! :)






jheysen

  • SCF Global Moderator
  • Posts: 754
  • KARMA: 100
  • Gender: Male
Re: Fun! I found a 0-day virus
« Reply #1 on: 10. August 2014., 15:27:47 »
Uhm... all these detections look like generic ones, so the malware is not yet well identified... for example, in McAfee's case the detection comes from the Artemis web-reputation-based system, not from the DAT files...
Maybe you can submit the sample to Avert and other labs? :p
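A practitioner's check on the numbers in the first post and on the point made in this reply about generic names, as an added example (not code from either poster or from any AV vendor): it re-reads the 16 detections listed above, separates cloud-reputation and heuristic/catch-all verdicts from the rest, counts which platform and behaviour hints the engine names agree on, and pulls the MD5 prefix out of the McAfee Artemis name (Artemis verdicts are named "Artemis!" plus the first 12 hex digits of the file's MD5) so a local md5sum of the downloaded sample can be matched against it. The generic-name markers and the hint list are hand-picked assumptions for these particular engines, not any vendor's taxonomy.

```python
import re
from collections import Counter

# The 16 positives quoted in the post above (VirusTotal, engine -> detection name).
DETECTIONS = {
    "AVG": "MSIL4.ATHU",
    "AntiVir": "TR/Injector.ESH",
    "Avast": "Win32:Malware-gen",
    "Baidu-International": "Trojan.MSIL.Injector.BESH",
    "ESET-NOD32": "a variant of MSIL/Injector.ESH",
    "GData": "Win32.Trojan.Agent.59ODL0",
    "Ikarus": "Trojan.MSIL.Injector",
    "Kaspersky": "Backdoor.Win32.DarkKomet.dhvk",
    "Malwarebytes": "Trojan.Ransom.Blocker",
    "McAfee": "Artemis!C2F70FAFB4F9",
    "Qihoo-360": "Malware.QVM03.Gen",
    "Rising": "PE:Trojan.Win32.Generic.171AB029!387625001",
    "Sophos": "Mal/DotNet-C",
    "Symantec": "Trojan.Gen.2",
    "TotalDefense": "Win32/DotNetInject.F!generic",
    "TrendMicro-HouseCall": "TROJ_GEN.R047H08H914",
}
TOTAL_ENGINES = 54  # the "16/54" in the post

# McAfee names cloud-reputation verdicts "Artemis!" + first 12 hex digits of the file's MD5.
ARTEMIS_RE = re.compile(r"^Artemis!([0-9A-Fa-f]{12})$")

# Fragments that mark a heuristic / machine-learning / catch-all verdict rather than a
# named family. Assumption: hand-picked for the engines above, not a vendor standard.
GENERIC_RE = re.compile(
    r"(?:^|[^a-z])(?:gen|generic|heur|agent|qvm\d*|malware-gen|suspicious)(?:$|[^a-z])",
    re.I,
)

# What the engines that do name something are hinting at. Assumption: my own list.
HINT_RE = {
    "dotnet":   re.compile(r"msil|dotnet|\.net", re.I),
    "injector": re.compile(r"inject", re.I),
    "backdoor": re.compile(r"backdoor", re.I),
    "ransom":   re.compile(r"ransom", re.I),
}


def artemis_md5_prefix(name):
    """Return the lower-case MD5 prefix carried by an Artemis verdict, else None."""
    m = ARTEMIS_RE.match(name)
    return m.group(1).lower() if m else None


def artemis_matches(md5_hex, name):
    """True if a locally computed MD5 agrees with the Artemis name (i.e. same file)."""
    prefix = artemis_md5_prefix(name)
    return prefix is not None and md5_hex.lower().startswith(prefix)


def classify(name):
    """'reputation' (cloud lookup), 'generic' (heuristic/catch-all) or 'other'."""
    if artemis_md5_prefix(name):
        return "reputation"
    if GENERIC_RE.search(name):
        return "generic"
    return "other"


def summarize(detections=DETECTIONS, total=TOTAL_ENGINES):
    """Detection ratio plus what the names actually agree on."""
    kinds = Counter(classify(n) for n in detections.values())
    hints = Counter(
        hint for n in detections.values() for hint, rx in HINT_RE.items() if rx.search(n)
    )
    md5_prefixes = [p for p in map(artemis_md5_prefix, detections.values()) if p]
    return {
        "detections": len(detections),
        "total": total,
        "ratio": len(detections) / total,
        "kinds": dict(kinds),
        "hints": dict(hints),
        "md5_prefix": md5_prefixes[0] if md5_prefixes else None,
    }


def interpret(summary):
    """One-line reading of the summary for a triage note."""
    weak = summary["kinds"].get("generic", 0) + summary["kinds"].get("reputation", 0)
    top = ", ".join(f"{h} ({c})" for h, c in Counter(summary["hints"]).most_common(2))
    return (
        f"{summary['detections']}/{summary['total']} engines; "
        f"{weak} of those are heuristic or reputation verdicts; "
        f"strongest consensus: {top}"
    )


if __name__ == "__main__":
    s = summarize()
    print(interpret(s))
    if s["md5_prefix"]:
        print("Artemis says the file's MD5 starts with", s["md5_prefix"])
```

Run against the post's data it reports 16/54 engines, with 8 of the 16 being heuristic or reputation verdicts and the strongest consensus being .NET/MSIL (6 engines) and injector (5). That is the point of the reply above: the raw ratio says little about what the file is, the name fragments say more, and the Artemis hit is a cloud lookup on the hash rather than a signature, so it vanishes as soon as the sample is recompiled.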

devnullius

  • SCF VIP Member
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: Fun! I found a 0-day virus
« Reply #2 on: 10. August 2014., 15:56:02 »
? which means??

jheysen

  • SCF Global Moderator
  • Posts: 754
  • KARMA: 100
  • Gender: Male
Re: Fun! I found a 0-day virus
« Reply #3 on: 10. August 2014., 16:30:55 »
Might be a false positive, or you can help further analysis of that sample by submitting it to the AV labs :p

Samker

  • SCF Administrator
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Fun! I found a 0-day virus
« Reply #4 on: 10. August 2014., 18:20:07 »
Probably he wants to steal your coins...  >:(

"BitonicActie's" - current Twitter status:

Quote
Profile summary

Sorry, that user is suspended.

 :up:



By the way, here you have possibility to submit sample to McAfee lab: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx


 
