xerces8 Posted August 21, 2011 ID:468018

Today I see MBAM detecting netcat (nc.exe) as PUP.KeyLogger. I have that tool for ages and this is the first time I see it detected as malware by MBAM.

Is that a change in signatures?

If you really must inflate your detection ratio, can you at least use a more accurate description?

How can nc log keys? I can't.

As for the rationale "having seen its inclusion in several hack-kits", why not detect the hack-kits?

Besides, what hack kit would leave such a big warning sign openly visible?

Regards,
David

PS: The vendor information in MBAM on the found item loads the page http://www.malwarebytes.org/products/malwarebytes_pro?name=PUP.KeyLogger which is just an ad for MBAM Pro.
Staff shadowwar Posted August 21, 2011 ID:468025

PUP means potentially unwanted program. If this is bundled in malware it should be brought to the non-experts' attention that it's installed. Most experts that have valid uses will just add to the ignore list or turn pup detections off in settings. If you would like to discuss this civilized instead of making all kinds of accusations towards Mbam feel free to reply.
xerces8 Posted August 25, 2011 Author ID:469242

netcat is not a keylogger.

I apologize, but I don't see what more civilized way there is to express this.

Also:

Is this a change in the signatures or MBAM behavior?

As said, that was the first time it was detected, although I have NC for a long time on that system.
Staff shadowwar Posted August 25, 2011 ID:469249

Let me investigate it more. What version do you have installed?

Can you post a scan log from mbam for it?
Staff shadowwar Posted August 25, 2011 ID:469300

I think I found the version installed. I renamed this detection to PUP.Netcat for now. I am trying to compile evidence from the malware that installed it. I am pretty sure it was used to read packets and the malware sniffed them for logins and such. Thus the initial detection as Keylogger.
Staff shadowwar Posted August 25, 2011 ID:469304

Yup gonna leave this as PUP.Netcat

Just for grins:

http://www.virustotal.com/file-scan/report.html?id=7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e-1314203453

27/44 detect it as a tool.Netcat so pup.netcat fits better. Thanks for reporting.
xerces8 Posted August 25, 2011 Author ID:469336

I just checked the version and it is 1.51.1.1800, database 7529

With an updated database (7568) it is detected as PUP.Netcat.

The Vendor information link still points to a generic MBAM webpage.

http://www.malwarebytes.org/products/malwarebytes_pro?name=PUP.Netcat
Staff shadowwar Posted August 25, 2011 ID:469339

Yes we are currently totally revamping Malwarenet. It should be back in the near future.
xerces8 Posted January 8, 2012 Author ID:515007

How about removing that menu item until it actually works? It gives you an un-serious look...

Regards,
David
xerces8 Posted May 2, 2012 Author ID:548181

It still does not work, just FYI.
exile360 Posted May 2, 2012 ID:548216

Yes, the new MalwareNET is not online yet. We have huge plans for it in the future; unfortunately it's going to take a lot of time to get it ready for release.

That being said, if we remove the menu for it from Malwarebytes Anti-Malware now, then that means it will be unavailable in the versions of Malwarebytes Anti-Malware from which it was removed when we do get it online, so for now, unless we decide to simply never implement MalwareNET again (which we have no plans on doing, as I said, we have big plans for it), we want it to be there so that users of all versions of our product will be able to easily access the information that it will provide.