Sunbeltblog comments

Wow...here is a turn up for the books. For once AVG is one of the few virus scanners detecting it! (Usually it's about middle of the table in terms of how quick it detects new viruses or how many viruses it detects).

And Clamwin....both of the free antivirus vendors. Anyone got any thoughts for this?


BOClean caught it (Zlob). Good job.


That was Zlob8...


What sort of sicko would want a free porn key and be so stupid to download it... unbelievable


"is revolutionary software developed specially for those who is looking for free porn picture and movie collections in the Internet"

They forgot "all your porn are belong to us, you know what you doing, move porn".


L0L. Friends... It is also a Russian project known as videoscash.com


Why is this "news"? This is how it works people. You go to a site to get something for nothing. You accept a download, you get infected.


Does anyone know where the "safety bar" was downloaded from at all?

Many thanks,
Susie


C. Lead: "isn't news"

"A blog about activities, products and ideas at Sunbelt software etc..."


"There’s a new trojan on the loose, undetected by almost all AV engines"

[sarcasm]
wow, new AND undetected - who would have guessed...
[/sarcasm]


Kurt, you're a piece of work.


Hmmm, now it's found (but still by only a few)


File: pornmagpass_ver1.107.exe
Status: INFECTED/MALWARE
MD5: 005fec6426978c68333d0c3bbb8348ad
Packers detected: PE_PATCH.UPX, UPX, PE_PATCH, UPACK
Scanner results
AntiVir Found Adware-Spyware/DigiKeygen adware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Zlob.AOI
BitDefender Found nothing
ClamAV Found Trojan.Downloader.Zlob-471
Dr.Web Found Trojan.Popuper
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/TrojanDownloader.Zlob.PR
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Susie,

The "Safety Bar" is downloaded from a remote address. There may be many different addresses for redundancy purposes, but in this case: 85.255.117.243


According to Micha on the KL forums, this executable is detected by Kaspersky.


It's not detected by Kaspersky. I'm a KAV user. It doesn't detect it.


It might only be detectable using the extended bases, and I assume you are using that, TNT. If that's the case, Micha has made a mistake.


alex - av companies see about 60-70 new pieces of malware each day, all previously undetected or only detected heuristically... and then time passes, work is done, and the malware is no longer undetected...

new ~= undetected, it's the nature of things, it's not really significant or noteworthy that a new trojan isn't being detected yet... unless you were intending to warn people (ie. 'most av products don't detect this yet so be careful'), but from the wording that didn't seem to be your intention...

instead it looked like a convenient opening for someone to make the rather tired (due to overuse) claim that av companies don't do enough to protect us based on all the malware their products aren't detecting...


Kurt sorry, do you realize all these Zlob trojans are being "updated" every single day AND EVERY SINGLE DAY they became undetected yet again by all (or nearly all) AV engines?


yes, i realize that... do you realize how long those new variants stay undetected?

until someone solves the halting problem (which can't happen, for those that didn't know), new malware will always have a window of opportunity - the trick is to make sure that window doesn't stay open for very long...

most of the time av companies do a pretty good job of getting the window closed quickly...


Can anyone give me more info about videoscash.com? Need detailed info and you may reply using my email.
expressions@peoplepc.com
Thanks for any info


"...Can anyone give me more info about videoscash.com. Need detailed info and you may reply using my email...."

videocash.com is part of the vcodec, digikey, pornpass group I call the security scam hijackers. This is their affiliate signup site used to get affiliates to put links to their different sites used to run the installs of the various scams used to hijack users.

videoscash.com
Current IP:72.9.239.109
9/19/2006
Mario Maxime
nt @ chmails.com
Paris FR

6/14/2006
Mario Maxime
admin @ vidscollection.com
Paris FR

12/1/2005
Pertennen Malcolm Deniakke
mal @ horny-blowjobs.com
Helsinki FI


The new distribution point entry has changed. It is now MYpornmagpass.com. Yes, they are still changing their binary every so many hours. The AV companies cannot keep up with that kind of activity and the only way out of it is to buy a Mac or install Linux, OpenBSD, or FreeBSD.

