Jump to content

Recommended Posts

Today I see MBAM detecting netcat (nc.exe) as PUP.KeyLogger. I have that tool for ages and this is the first time I see it detected as malware by MBAM.

Is that a change in signatures?

If you really must inflate your detection ration, can you at least use a more accurate description?

How can nc log keys? I can't.

As for the rationale "having seen its inclusion in several hack-kits", why not detect the hack-kits?

Besides, what hack kit would leave such a big warning sign openly visible?



PS: The vendor information in MBAM ont the found item loads the page http://www.malwarebytes.org/products/malwarebytes_pro?name=PUP.KeyLogger which is just an ad for MBAM Pro.

Link to post
Share on other sites

  • Staff

PUP means potentially unwanted program.

If This is bundled in malware it should be bought to the non experts attention that its installed.

Most experts that have valid uses will just add to the ignore list or turn pup detections off in settings.

If you would like to discuss this civilized instead of making all kinds of accusations towards Mbam feel free to reply.

Link to post
Share on other sites

netcat is not a keylogger.

I apologize, but I don't see what more civilized way there is to express this.


Is this a change in the signatures or MBAM behavior?

As said, that was the first time it was detected, although I have NC for a long time on that system.

Link to post
Share on other sites

  • Staff

I think i found the version installed. I renamed this detection to PUP.Netcat for now. I am trying to compile evidence from the malware that installed it. I am pretty sure it was used to read packets and the malware sniffed them for login's and such. Thus the initial detection as Keylogger.

Link to post
Share on other sites

  • 4 months later...
  • 3 months later...

Yes, the new MalwareNET is not online yet. We have huge plans for it in the future, unfortunately it's going to take a lot of time to get it ready for release.

That being said, if we remove the menu for it from Malwarebytes Anti-Malware now, then that means it will be unavailable in the versions of Malwarebytes Anti-Malware from which it was removed when we do get it online, so for now, unless we decide to simply never implement MalwareNET again (which we have no plans on doing, as I said, we have big plans for it), we want it to be there so that users of all versions of our product will be able to easily access the information that it will provide.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.