Kudos1 Stats

New threats that NIS09 fully updated don´t detects

Hello guys, these are the results of tonight's hunting:

http://www.virustotal.com/es/analisis/0f439fd62535165a9a565e0a3493eece

http://www.virustotal.com/es/analisis/9f2cd83d822fda0747f8467095df808e

http://www.virustotal.com/es/analisis/0d8c0486b29748b9cdd97dbaba351a9f

Tracking #10491703

Tracking #10491709

Tracking #10491716

--------------------------------

This other trojan is not detected by the automatic engine of SSR, but it is a real trojan!

MegaCodecPack.exe


Tracking #10483899

Message Edited by Serekantum on 03-26-2009 04:59 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!

Replies

Kudos0

Re: New threats that NIS09 fully updated don´t detects

At least Symantec now detects autorun.inf viruses
----------------------------------------------------------------
NIS 2011 beta 18.0.0.107 Win 7 7600 RTM 32-bit
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Are you getting them off torrenting or the likes of especially Limewire??

Quads 

Kudos2 Stats

Re: New threats that NIS09 fully updated don´t detects

Hi Quads, the viruses that I sent to SSR/VirusTotal/ThreatExpert were collected because in my spare time I go hunting on the Internet, navigating pages especially in conflict and trying to collect what looks like a threat. The Internet is a crazy place where the cybercriminals roam at ease; malware is an endemic plague.

The more we fight against the bad boys, the safer we will all be. And any move that is made to curb the cybercriminals, however small, is important in the final result!

You and your colleagues on this forum are knowledgeable about solving problems when they are already inside the PC, doing an important job! I'm more in the group of go-hunt. Among them, large and small, can do much to make internet more secure   

Greetings

PS: This is a typical USB virus and is a variant of Venom (Venom is a real ballbreaker). NIS09 fully updated doesn't detect the threat.

 http://www.virustotal.com/es/analisis/71837422cd57053e30cf35f348db3e3a

SSR Tracking number  #10492468

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

If your finds get added to the malware that can be detected by Norton, then I think you do us all a good service.
Kudos2 Stats

Re: New threats that NIS09 fully updated don´t detects

Tracking #10491703 detected as downloader

Tracking #10491709 detected as downloader

Tracking #10491716 detected as w32.sillyfdc

Tracking #10483899 detected as trojan.dropper

Tracking #10492468 detected as Bat.Autorun.Trojan

Thanks

Conor Security Response
Kudos0

Re: New threats that NIS09 fully updated don´t detects

New threat:

Tracking #10494468 <--------variant of Trojan.Zlob (only three AVs detect it!)

 

http://www.virustotal.com/es/analisis/9bab13d1877e8448858a123841cd2765

I am very happy with the fast response of Symantec  thanks!!!

Greetings

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Another ultra-new threat, so recent that "it is still hot":

http://www.virustotal.com/es/analisis/ceb1fdc4b03e99602a656717cfdb6ecc

Tracking #10494602 <-----(only 2 engines detect it! "Generic.Dropper.cx")

 

Greetings

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

NIS09 fully updated doesn't detect this trojan, but 31 other AV engines do:

 http://www.virustotal.com/es/analisis/def1d07cfff4edb237b8f7a9107bbe0b

 Tracking #10495059

 Greetings

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

New threats hunted today and not detected by NIS09 fully updated:

http://www.virustotal.com/es/analisis/12652c0ded520c03ceda29cfbc18ccd7

 Tracking #10498992

http://www.virustotal.com/es/analisis/7cebd86d969e913eccc3348d5c4387af

Tracking #10499046

Greetings!

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

hmmmmmmmmmmm lots of threats...Serekantum can now be called a malware hunter..!!
Genuine Windows 8.1 x64 Pro; NIS 2014; HP Pavallion G6 Notebook with AMD Core 2 Quad A10; 6 GB RAM; ; 1TB Western Digital HDD, AMD Radeon 2.5 GB Graphics Card
Kudos0

Re: New threats that NIS09 fully updated don´t detects

This is an ultra-new and "heavyweight" fake antivirus (5.90Mb!). It is not detected by NIS09 fully updated. This file is very big and I lose the send to SSR (my connection is very limited and it is a problem). ThreatExpert rejected the file for its big size.

The link to VirusTotal is:

http://www.virustotal.com/es/analisis/96dab569e09f277f3554b3bd19fa9b90

Only three AV engines detect this threat!

PS: Thanks Silverhawk, we can all play a good game; in this case each hand pushing in the same direction is important. Here in Spain we have a popular phrase for this type of case: Hit the monkey who is made of rubber!!!

 

Greetings

Message Edited by Serekantum on 03-28-2009 02:25 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Hello; SSR told me tonight:

"We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: Live-Player_setup.exe
machine: Machine
result: See the developer notes
Customer notes:
trojan fake codecpack
Developer notes:
Live-Player_setup.exe contains no malicious code
"

--------------------------------------------------

Sorry, but the file that I sent is indeed malware. Please re-adjust your automatic analyzer engine!

SSR Tracking number: #10498992

 

 

http://www.threatexpert.com/report.aspx?md5=8e00c777e9e2835b83ec5bfa00cec125

http://www.virustotal.com/es/analisis/12652c0ded520c03ceda29cfbc18ccd7

AntiVir 7.9.0.129 2009.03.27 -> SPR/Agent.BACR

Antiy-AVL 2.0.3.1 2009.03.28 -> AdWare/Win32.SafeSurfing

Ikarus T3.1.1.48.0 2009.03.28 -> Trojan.Win32.Wintrim

Prevx1 V2 2009.03.28 -> Medium Risk Malware

Message Edited by Serekantum on 03-28-2009 07:28 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

This is an extract of the log of Malwarebytes' Antimalware detecting and deleting the file "Live-Player_setup.exe"


Tracking #10498992

SSR says that it is not malicious, but four AV engines detect it as malware:

29/03/2009 5:28:16 mbam-log-2009-03-29 (05-28-16).txt

Tipo de examen : Examen Rápido

Objetos examinados: 1

Tiempo transcurrido: 10 second(s)

Procesos en Memoria Infectados: 0

Módulos en Memoria Infectados: 0

Claves del Registro Infectadas: 0

Valores del Registro Infectados: 0

Elementos de Datos del Registro Infectados: 0

Carpetas Infectadas: 0

Ficheros Infectados: 1

Ficheros Infectados: c:\Users\Equipo1\documents\live-player_setup.exe (Adware.Navipromo) -> Quarantined and deleted successfully.

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Hello, this is a variant of other infected files that I sent to SSR. It contains a Trojan that I downloaded from a page that I have closely monitored; cybercriminals are changing some part of the code, and antivirus engines are not effective at detecting the threat at first (only ONE detects it today!). How is this possible?

The code has to have a common link that could serve as identification of all its variants. It is very important that Symantec determine a generic identification to create a defense that offers protection against subsequent variants of this threat.

Tracking #10500322

 

http://www.virustotal.com/es/analisis/a7e46a68b764a8619517e884489b2eb3

The trojan starts the download to the victim PC, including four other files, of a setup.exe of a FakeAV undetected by NIS09 fully updated:

Tracking #10500424

 

http://www.threatexpert.com/report.aspx?md5=6709f26ba80cd20a89cb24916120db8d

http://www.virustotal.com/es/analisis/fd09ffb75723a4060c4fee5cf56a52b9

Greetings

Message Edited by Serekantum on 03-28-2009 10:03 PM
Message Edited by Serekantum on 03-28-2009 10:27 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Hi all.

Here's a Trojan-Downloader that NIS09 fully updated doesn't detect; please add it to the malware database:

Tracking #10503554

http://www.threatexpert.com/report.aspx?md5=fb1e1a76585c005f19434390e6f1730d

http://www.virustotal.com/es/analisis/a26d947be7c55a03682bac4aa5ad37ed

Greetings.

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Serekantum,

 

Live-Player_setup.exe (tracking number 10498992) is not what we would classify as a security risk.

 

It is an ad-supported media player provided by Favorit Network, a Spanish company (http://www.favorit-network.com/). It may display ads while it is running, but that is not a reason to detect it.

 

And you say Malwarebytes actually deleted it? Interesting. If Windows media player displayed ads while playing a song or video, I wonder if that would also be deleted...

 

JohnM

Kudos0

Re: New threats that NIS09 fully updated don´t detects

Hello JohnM, I am glad to see you.

I visited the website that supports the adware that was integrated, and I was surprised. At this site they say that at all times the user knows about the advertising inserted in the program, and also about the monitoring of their browsing habits to provide offers tailored to their profile.
However, four antivirus engines categorized the advertising file as malware, and Malwarebytes' Anti-Malware detected and removed it on scanning.


I guess there is something in this matter that is not clear; do not forget that this file is obtained through a notice saying: "You do not have the latest version of videocodec and can not watch this video, download the latest version and enjoy!" This is a super-known tactic to introduce malicious code under the guise of videocodecs.

During this entire week, I pulled all the malware that ended about 8 pages that redirecting mostly the same places. In 70% of cases of deception came, the Executable presented as "essential" to see the content being offered. In other cases, I followed the trail to the subsequent package that called for the Trojans to an autonomous remote servers to download more malicious code, and when I got sent the samples to be analyzed separately, giving real positive in all cases.

I just want to say that a software package that is presented in the guise of a simple free video, but fools you into installing an advertising program: I have no doubt that it is a malicious practice, and I would not rely on this software.

On the website, the company says they are honest and do not mislead anyone, but something happened with Zango and now everyone considers Zango an example of bad software. In both cases it is a program that performs a monitoring operator to provide personalized advertising. Hence, using the data obtained for other purposes is only a small step. And I repeat: I sent to SSR adware that at no time warned of its nature, when it was presented in the form of "latest videocodec imperative to see a video". That's deceiving, and everything that comes from a delusion is necessarily harmful, especially at this time, because the internet is so saturated with malware that one could almost speak of a virtual pandemic.

Because of the ease to deceive and abuse people, I think Symantec should consider that it is better to "shoot first and ask questions later". This will force a shift toward honesty in regard to facilities programs that spy on computer users.

greetings :)

(Sorry for my English, I'm still learning...)

Message Edited by Serekantum on 03-29-2009 10:27 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

I understand what you are saying, but we can't detect an application purely because the company pushing it uses social engineering tactics to spread it. If such a thing was prohibited by law, police would probably have to arrest every salesperson who aggressively attempted to sell something <g>

 

All the other files you submitted were already detected when I checked them. You might be better to wait a day or two before posting here in order to allow time for your files to be processed.

Kudos0

Re: New threats that NIS09 fully updated don´t detects

HI, sorry to bug in.

I sent you a PM

"All that we are is the result of what we have thought"
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Private message replied! ;)
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos1 Stats

Re: New threats that NIS09 fully updated don´t detects

Hi all.

These two threats were undetected a few hours ago (#10507785, #10507698)... But now they are added to the definitions database. This is the good way, guys!

From now on I will wait to see SSR's answer. I will publish a weekly compilation of new viruses sent and added to the databases, and also of those sent to SSR that were answered negatively even though they are real threats.

Greetings!

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Hello, two days ago I sent three trojans to SSR, but today I re-downloaded one, and NIS09 fully updated doesn't detect it.

Re-sending number: Tracking #10519292

http://www.virustotal.com/es/analisis/722d1574bd0f5dfb2e5b393e24ddf19c

Greetings.

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

I have something to say. Today I seriously challenged NIS09 and I got a surprise. I tried to install one of the rogues that I sent to Symantec Security Response four days ago, and NIS09 allowed the installation of the largest of them (which occupied 5.90Mb). This rogue asks for download over "privacy components". I allowed it in order to check the reaction of NIS09, and NIS09 did not prevent it. What it does is prevent these rogues from downloading other viruses on their own, but the two that were installed could run on the machine without NIS09 hindering them at any time.
The truth is that I am greatly puzzled and disappointed, because it makes me think that all the hours spent on searching & sending threats to SSR are not utilized properly.


I have cleaned my computer completely (full format, is no problem to me) but my trust on NIS is now quite lower than before the actual test.

Frankly I do not understand why NIS09 allowed these two super famous rogues to run freely; the settings were on maximum strength ... I am very upset because these two rogues were not "zero day" and other antivirus products block them quickly.


I know that will bother to say that some, but the truth must be heard to take appropriate measures. If this message is too offensive to the community, I notice from a moderator, and will no longer write here. I repeat to all community: I have no intention to be a bit annoying! but... I disadvantage

Greetings

Message Edited by Serekantum on 04-02-2009 10:37 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

I think all of these things can be stopped by turning on advance event monitoring...did u try it...well I think advance users can turn it on and manually take the decision if they think Norton does not catch..
Genuine Windows 8.1 x64 Pro; NIS 2014; HP Pavallion G6 Notebook with AMD Core 2 Quad A10; 6 GB RAM; ; 1TB Western Digital HDD, AMD Radeon 2.5 GB Graphics Card
Kudos0

Re: New threats that NIS09 fully updated don´t detects

03/04/09, Tracking #10523284

http://www.virustotal.com/es/analisis/afc504c68acd4e4bc0481e587b071546

-----------------------------------------------

03/04/09, Tracking #10523457

http://www.virustotal.com/es/analisis/2480aa3e582557e8850a57c84f63ec9e

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

New trojans hunted two days ago, will be detected as "Downloader" and "Misleading application":
-----------------------------
Tracking #10531881

Tracking #10531818
-----------------------------
Greetings
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

Serekantum,

All the files you've mentioned are already detected as:

10519292 -> Trojan.Dropper
10531881 -> Trojan.Fakeavalert
10531818 -> Downloader
10523284 -> Downloader
10523457 -> Downloader

Regards,

- D

Kudos0

Re: New threats that NIS09 fully updated don´t detects

Thanks for telling me DesiT, but even in my mail I received notice that the threats will be detected, right now I just download an executable from infectious and reported (codec.exe) and NIS09 fully updated has not detected the danger. There is a "time-problem" in terms of detection of real threats and recognized.

Greetings DesiT, and thanks for your time, I know that sometimes I am very insistent ;)

Message Edited by Serekantum on 04-06-2009 03:33 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: New threats that NIS09 fully updated don´t detects

that is not matter..is a huge number of virus/threats that are not detected by norton..strange !!...what about norton pulse update?..that update us second by second..man u are really helping norton some way to make it more powerful..!!
Genuine Windows 8.1 x64 Pro; NIS 2014; HP Pavallion G6 Notebook with AMD Core 2 Quad A10; 6 GB RAM; ; 1TB Western Digital HDD, AMD Radeon 2.5 GB Graphics Card
Kudos1 Stats

Re: New threats that NIS09 fully updated don´t detects

Hello, these new variants of fake-videocodec, hunted one day ago, are submitted and NIS09 detects them as:

Downloader.Misleadapp & Downloader

#10550760

http://www.virustotal.com/es/analisis/8b3dc59e937c66587e134e6ed27e88d2

http://www.threatexpert.com/report.aspx?md5=c456356a67dd2b206873dd08742854b1

----------------------------------------------------------------

#10552475

http://www.virustotal.com/es/analisis/0b5a64d9dc41adf636d0ce37d1072379

http://www.threatexpert.com/report.aspx?md5=1330c369a5260a365ba86b943bdcac4c

Greetings 

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
