Malware flying under the radar

PeterBJ

Printer VIP
Platinum Printer Member
Joined
Nov 27, 2010
Messages
5,113
Reaction score
4,976
Points
373
Location
Copenhagen Denmark
Printer Model
Canon MP990
The unpacked exe file has a rating of 20/55, which is slightly worse than the iso file. The VirusTotal scan of the exe file is here. Maybe the use of packing into iso files is more to fool the human operator than to fool the anti-malware programs?
 

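The question raised above, whether the ISO wrapper is aimed at the scanner or at the person opening it, can be checked without ever mounting the image. The following Python script is an added example, not code from this thread, from VirusTotal or from Symantec: it reads the ISO 9660 directory straight from the image bytes, hashes every contained file and flags any content that begins with the "MZ" Windows executable header, whatever the file name inside the image claims, so the inner file's hash can be looked up on a scanning service instead of the file being run. The sample image it builds (build_demo_iso, the INVOICE.PDF and INVOICE.EXE entries) is constructed for the demonstration; the reader handles plain ISO 9660 images without Joliet or Rock Ridge names, which is enough to see what a small attachment contains.

```python
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical block size

# --- constructed sample image (assumption: not an attachment from this thread) ---

def _dir_record(extent, size, flags, name):
    """One ISO 9660 directory record (ECMA-119 9.1): both-endian fields."""
    rec = bytearray(33)
    rec[2:6] = struct.pack("<I", extent)
    rec[6:10] = struct.pack(">I", extent)
    rec[10:14] = struct.pack("<I", size)
    rec[14:18] = struct.pack(">I", size)
    rec[25] = flags                           # bit 1 set = directory
    rec[28:30] = struct.pack("<H", 1)         # volume sequence number
    rec[30:32] = struct.pack(">H", 1)
    rec[32] = len(name)
    rec += name
    if len(rec) % 2:                          # records are padded to even length
        rec.append(0)
    rec[0] = len(rec)
    return bytes(rec)

def build_demo_iso(files):
    """Minimal flat ISO 9660 image: sector 16 = primary volume descriptor,
    17 = terminator, 18 = root directory, 19+ = file data."""
    root = bytearray()
    root += _dir_record(18, SECTOR, 0x02, b"\x00")   # "."
    root += _dir_record(18, SECTOR, 0x02, b"\x01")   # ".."
    payload, next_extent = bytearray(), 19
    for name, content in files.items():
        root += _dir_record(next_extent, len(content), 0, name)
        padded = content + bytes(-len(content) % SECTOR)  # pad to whole sectors
        payload += padded
        next_extent += len(padded) // SECTOR
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"
    pvd[128:130] = struct.pack("<H", SECTOR)          # logical block size
    pvd[130:132] = struct.pack(">H", SECTOR)
    pvd[156:190] = _dir_record(18, SECTOR, 0x02, b"\x00")  # root directory record
    terminator = bytearray(SECTOR)
    terminator[0:7] = b"\xffCD001\x01"
    root += bytes(SECTOR - len(root))
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(terminator) + bytes(root) + bytes(payload)

# --- reading the image without mounting it ---

def _le32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]

def _walk(image, extent, size, prefix):
    """Yield (path, content) for every file under the directory at `extent`."""
    data = image[extent * SECTOR: extent * SECTOR + size]
    off = 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                      # zero length: rest of sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        if rec_len < 33 or off + rec_len > len(data):
            raise ValueError("corrupt directory record at extent %d" % extent)
        rec = data[off:off + rec_len]
        off += rec_len
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):        # "." and ".." entries
            continue
        text = name.decode("ascii", "replace")
        if text.endswith(";1"):               # drop the ISO 9660 version suffix
            text = text[:-2]
        path = prefix + "/" + text
        child_extent, child_size = _le32(rec, 2), _le32(rec, 10)
        if rec[25] & 0x02:
            yield from _walk(image, child_extent, child_size, path)
        else:
            yield path, image[child_extent * SECTOR: child_extent * SECTOR + child_size]

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def triage_iso(image):
    """Map each file path to size, SHA-256 and whether the content starts with
    the 'MZ' PE header, whatever the file name claims."""
    pvd = image[16 * SECTOR: 17 * SECTOR]
    if pvd[0:6] != b"\x01CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root = pvd[156:190]
    return {path: {"size": len(c), "sha256": sha256_hex(c), "pe_header": c[:2] == b"MZ"}
            for path, c in _walk(image, _le32(root, 2), _le32(root, 10), "")}

# Constructed sample: a decoy document next to an executable stub (hypothetical names).
SAMPLE_FILES = {b"INVOICE.PDF;1": b"%PDF-1.4 decoy", b"INVOICE.EXE;1": b"MZ" + bytes(100)}
DEMO_ISO = build_demo_iso(SAMPLE_FILES)

if __name__ == "__main__":
    for path, info in triage_iso(DEMO_ISO).items():
        flag = "  <-- PE header: look up this hash rather than running the file" if info["pe_header"] else ""
        print("%-16s %5d bytes  %s%s" % (path, info["size"], info["sha256"], flag))
```

Run against a real image by replacing DEMO_ISO with the file's bytes; the per-file SHA-256 values are what to compare with a scanner's report for the extracted exe, which is how the 20/55 result for the inner file and the result for the outer ISO can be told apart without opening either on a working machine.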
stratman

Printer VIP
Platinum Printer Member
Joined
Apr 19, 2007
Messages
8,712
Reaction score
7,176
Points
393
Location
USA
Printer Model
Canon MB5120, Pencil
What's up with Symantec? If you ever watched the American sitcom TV show from the 1970s called Hogan's Heroes, then you could say Symantec is the Sgt. Schultz of scanners -- "I see nothing!"

I think you are right about packaging the malware in the ISO for improved stealth.
 

The Hat

Printer VIP
Platinum Printer Member
Joined
Jan 18, 2010
Messages
15,792
Reaction score
8,824
Points
453
Location
Residing in Wicklow Ireland
Printer Model
Canon/3D, CR-10, CR-10S, KP-3
Just an update on our friendly ISO file.

We submitted the ISO file to Symantec and it’s taken all this time to get a response.

In fact we are still waiting on a reply from Symantec as to what they actually found and what it can do, I’ve had it sitting on my desktop all this time and it only got zapped today.

If I get any more information on this file and if it’s worth reporting, I’ll be back...
(Attached image: Untitled-1.png)
 

websnail

Printer VIP
Platinum Printer Member
Joined
Oct 27, 2005
Messages
3,666
Reaction score
1,349
Points
337
Location
South Yorks, UK
Printer Model
Epson, Canon, HP... A "few"
Had a look at the report and it looks like the "malware" is actually some kind of installer that puts in spamware rather than malicious code. Still, better to avoid though...
 

stratman

Printer VIP
Platinum Printer Member
Joined
Apr 19, 2007
Messages
8,712
Reaction score
7,176
Points
393
Location
USA
Printer Model
Canon MB5120, Pencil
If I get any more information on this file and if it’s worth reporting,
Clicking on the Details and Origin tabs in the File Insight window you posted as an image will give more info. Whether it is useful information is another matter. :idunno
 

stratman

Printer VIP
Platinum Printer Member
Joined
Apr 19, 2007
Messages
8,712
Reaction score
7,176
Points
393
Location
USA
Printer Model
Canon MB5120, Pencil
For those willing to expand their computing experience... Sandboxing to run/install apps in an isolated virtual environment -- http://www.howtogeek.com/169139/san...rotecting-you-and-how-to-sandbox-any-program/

One use of the free and payware sandboxing apps listed in the article is to run the purported malware EXE app to see what happens without exposing your computer to bad effects. Once you close the sandbox, any changes made by the app are deleted as if they never occurred.

Another use of sandboxed virtual windows is to run an internet browser for those friends/family members who seem to always run afoul of malware whilst online. Saves the "tech" call to you to fix it. :D
 