Jump to content

DragonMaster Jay

Honorary Members
  • Content Count

    380
  • Joined

  • Last visited

Posts posted by DragonMaster Jay


  1. Hi! Wanted to ask if you can also study the app "ai.type" - as I have collected information regarding it on my device.

    It is popping up in a browser window sent through Linux browser (AKA the Android System Webview) during/after Google Play apps update; however, ai.type does not appear to be using Batmobi - even though they are sending analytics and ad association data 40-60 times/minute. They do use Adjust.io ad kit, however, and decided to communicate data with the server just before launching popup on test device.

    They used spoofed app ID "com.apalon.myclockfree" with referrer from Mobobeat.biz, and utilized domain for callback URL, ".stats-location.com".

    Would you check this app, ai.type, to reproduce, and see if it has integration with Batmobi? The registration in the XML data sent has 302 codes, which signals redirects similar to those already mentioned.

    This is the same redirection scheme being used in "click302.h5mone.com" - therefore, I wanted to provide data I had gathered as well. Please get back to me soon.


  2. It can not be classified as "rogue" because...

    1. There is no unsolicited intrusion/penetration into the system

    2. There is no explicit enforcement/offering to buy a higher/pro version of the same program.

    3. Detection of the mentioned program is based on behavior (such as registry changes)

    4. Can not find any illegitimate advertisements/offers in program.


  3. You seem to misunderstand the importance of this file, and what could happen if you change the internal assembly to a write code. If you add write features to this sample virus code, it will not be pretty to your OS. The fact that you can do an Assembly code analysis, as I did above, proves that the researchers whom designed it, were specifically aiming for what real virus code would look like.

    If you do an analysis (if you know Assembly code) of this file, you will realize it has all that is needed to implement a real virus. It contains an instruction pointer, a stack pointer, a data string, DOS function, and two places where it changes its bytes to make it polymorphic. One of the worst type of viruses we deal with is polymorphic viruses. EICAR test file is still a good example virus and should still be used.


  4. I've been told the reason AVs will detect it is for normal users to test the responsiveness of their real-time protection. Also, you can stick it in a zip folder or similar format, and see if the antivirus will still detect it, no matter if it is in a compressed file or not.

    Dumped EICAR test file in debugger:

    dumpedeicar.png


  5. Hello all

    I realized today, MBAM failed to detect the EICAR test file. Was not sure if this was on purpose or not, but I figured it would be a good idea to detect it.

    I also realize it is an antivirus test, but hey, why not add it anyway?


  6. I just wanted to comment on protection for Linux.

    Linux is not bulletproof. But, it is much more secure, of course.

    Linux operating systems have a team behind them that continually work to release security and software updates, as Linux is not vulnerability free. A particularly intelligent user will know that security updates for Linux are just as critical as they are for Windows.

    The antivirus/antimalware for Linux users, that are currently available (Avira, AVG, avast!, F-Prot, Kaspersky, BitDefender, Trend Micro, McAfee, F-Secure, ESET, Symantec, Panda, Dr. Web, Sophos, etc.) are mainly for business workstations and personal users that need the feeling of being secure. When used in personal situations, it is more for the beginner user that is not aware of security updating.

    The need for an antivirus is rather slim for Linux systems.

    I could imagine a personal user wanting an antivirus to scan documents, pictures, movies, etc. that came from a Windows machine. Also, if any user has a fad to be into social sites, particularly ones that contain social engineering attacks, they too should have an antivirus for Linux. Linux machines are vulnerable to most social engineering attacks.


  7. Launch KIS.

    Enter the settings, and turn scheduled scanning off.

    Then, open command prompt by clicking Start > Run (or use Start search in Vista/7)...type in CMD and hit OK.

    Place the following line in:

    dir c:\windows\tasks > log.txt && start log.txt

    post back the log that launches.


  8. Making users pay for an ineffective removal is ridiculous. Support teams that charge that much should be ashamed of themselves.

    Luckily, online malware removal forums will not charge. No wonder why the online forums for malware removal are so popular. No point in paying for malware removal, if volunteers like to do it for free (and effective).

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.