netcat

[xerces8]

Today I see MBAM detecting netcat (nc.exe) as PUP.KeyLogger. I have that tool for ages and this is the first time I see it detected as malware by MBAM.

Is that a change in signatures?

If you really must inflate your detection ration, can you at least use a more accurate description?

How can nc log keys? I can't.

As for the rationale "having seen its inclusion in several hack-kits", why not detect the hack-kits?

Besides, what hack kit would leave such a big warning sign openly visible?

Regards,

David

PS: The vendor information in MBAM ont the found item loads the page http://www.malwarebytes.org/products/malwarebytes_pro?name=PUP.KeyLogger which is just an ad for MBAM Pro.

[shadowwar]

PUP means potentially unwanted program.

If This is bundled in malware it should be bought to the non experts attention that its installed.

Most experts that have valid uses will just add to the ignore list or turn pup detections off in settings.

If you would like to discuss this civilized instead of making all kinds of accusations towards Mbam feel free to reply.

[xerces8]

netcat is not a keylogger.

I apologize, but I don't see what more civilized way there is to express this.

Also:

Is this a change in the signatures or MBAM behavior?

As said, that was the first time it was detected, although I have NC for a long time on that system.

[shadowwar]

Let me investigate it more. What Version do you have installed?

Can you post a scan log from mbam for it?

[shadowwar]

I think i found the version installed. I renamed this detection to PUP.Netcat for now. I am trying to compile evidence from the malware that installed it. I am pretty sure it was used to read packets and the malware sniffed them for login's and such. Thus the initial detection as Keylogger.

[shadowwar]

Yup gonna leave this as PUP.Netcat

Just for grins:

http://www.virustotal.com/file-scan/report.html?id=7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e-1314203453

27/44 detect it as a tool.Netcat so pup.netcat fits better.

Thanks for reporting.

[xerces8]

I just checked the version and it is 1.51.1.1800, database 7529

With an updated database (7568) it is detected as PUP.Netcat.

The Vendor information link still point to a generic MBABM webpage.

http://www.malwarebytes.org/products/malwarebytes_pro?name=PUP.Netcat

[shadowwar]

Yes we are currently totally revamping Malwarenet. It should be back in the near future.

[xerces8]

How about removing that menu item until it actually works?

It gives you an un-serious look...

Regards,

David

[xerces8]

It still does not work, just FYI.

[exile360]

Yes, the new MalwareNET is not online yet. We have huge plans for it in the future, unfortunately it's going to take a lot of time to get it ready for release.

That being said, if we remove the menu for it from Malwarebytes Anti-Malware now, then that means it will be unavailable in the versions of Malwarebytes Anti-Malware from which it was removed when we do get it online, so for now, unless we decide to simply never implement MalwareNET again (which we have no plans on doing, as I said, we have big plans for it), we want it to be there so that users of all versions of our product will be able to easily access the information that it will provide.