All times are UTC + 1 hour

 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 1:58 pm
Enthusiast

Joined: Sun Sep 11, 2016 2:17 pm
Posts: 727
Bitblazer wrote:
...
Never connect computers with confidential information to the internet ;)
...


Exactly!


 Post subject: Re: Oh Nebel... PB Ransomware
Posted: Sun Aug 02, 2020 2:00 pm
Enthusiast

Joined: Sun Apr 05, 2020 11:28 am
Posts: 231
Location: Pandora
The greatest harm is often caused by getting people to hand over information that they would never voluntarily give to strangers.

Logically, computers or their users, which are attacked in this way, are connected to the Internet :shock: .

The average talented person learns from his mistakes.
The smart learns from the mistakes of others.
The stupid one knows everything better.

We say that although horses have bigger heads than people, they cannot necessarily think better.
But we also say that exceptions confirm the rule!

_________________
Peace on Earth


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 3:19 pm
Enthusiast

Joined: Sun Jun 22, 2003 7:43 pm
Posts: 586
Location: Germany, Saarbrücken
I get really angry when I read here how people praise Windows XP to the skies. This shit shouldn't be connected to the internet anymore. And it's ridiculous to take the number of CVE reports as a comparison. It's a sign you guys don't know anything about security.
And backups have nothing to do with safety, they have to do with stupidity. Because if you don't do one, you're stupid. The biggest problem with outdated systems is the possibility that they themselves become a virus because they have been infected by bots.

Apart from that, Windows XP is super slow, and unless you have the 64-bit version, the 3 GB of memory will quickly fill up. Apart from that there are hardly any programs running on it anymore.

_________________
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 3:40 pm
Enthusiast

Joined: Sun Apr 05, 2020 11:28 am
Posts: 231
Location: Pandora
The argumentation for Windows XP contradicts all logic and reason.

It can't be that difficult to recognize reality?

The motivations of the antivirus vendors are relatively easy to assess.

Just as easy as the motives of the creators of malware, phishing and scamming.

_________________
Peace on Earth


 Post subject: Re: Oh crap... PB ransomware
Posted: Sat Aug 15, 2020 11:11 pm
User

Joined: Wed May 07, 2008 4:57 am
Posts: 88
Location: Adelaide, South Australia
FYI. Just some more experimenting.

I compiled the same source code using PureBasic Win 5.70, 5.71 and 5.72, all 32-bit. Each exe had a slightly different filename. The file size grew with each compilation. Then individually submitted the files to VirusTotal. Results:

5.70 3 detections out of 68
5.71 3 detections
5.72 13 detections

Compiling as 64-bit resulted in 1 detection, and of course it had to be Microsoft.
But wait! Microsoft was not in the hit-list for the 32-bit compilations.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 16, 2020 1:47 am
Addict

Joined: Thu Apr 18, 2019 8:17 am
Posts: 1006
Don't forget to check those detections again (re-analyze) a day later. I've had 6 detections when first submitted, but this jumped to 18 the next day when re-analyzed with no changes. It seems VirusTotal dynamically changes their scans.


 Post subject: Re: Oh crap... PB ransomware
Posted: Mon Aug 17, 2020 12:53 am
User

Joined: Wed May 07, 2008 4:57 am
Posts: 88
Location: Adelaide, South Australia
You are absolutely correct, Barry. I have seen this, too. Last week the 5.70 compilations were 13 but now 3.


 Post subject: Re: Oh crap... PB ransomware
Posted: Mon Aug 17, 2020 11:23 pm
User

Joined: Wed May 07, 2008 4:57 am
Posts: 88
Location: Adelaide, South Australia
On Sunday I submitted a recompiled 64-bit file to VT. Used PB 5.70. Only 1 hit...Microsoft. All the other AV systems reported "undetected". The very next day four of my users reported the same file had been deleted. All were using Defender. The file had not been changed on their system and was fine before the weekend. I do not believe this is a coincidence! A false positive on VirusTotal and the next day Defender claims the files are infected. I have submitted the file along with its mates to MS to be whitelisted. Last time I did this with the 32-bit versions, MS reported them clean but even a week later users still reported the files being removed. And so it goes...


 Post subject: Re: Oh crap... PB ransomware
Posted: Mon Aug 17, 2020 11:48 pm
PureBasic Expert

Joined: Fri Apr 25, 2003 4:34 pm
Posts: 987
Location: Canada
I was told by a developer working at an AV company that when you submit a piece of software to a website like VirusTotal and even one AV platform flags your software as a virus/trojan, that info is then shared with all the other AV companies and the chances of the others starting to flag your software go up. The more you submit, the more likely others will follow suit.

If this is the case, it's certainly something to think about. ;)

 Post subject: Re: Oh crap... PB ransomware
Posted: Thu Aug 20, 2020 1:32 am
User

Joined: Wed May 07, 2008 4:57 am
Posts: 88
Location: Adelaide, South Australia
That explains why the falsies multiplied. VirusTotal behaves like a virus itself by sharing results automatically. It also seems if the files are cleared by one AV company that does not seem to transfer to the others. Not right and not fair. I will not be using VirusTotal again. I did try Hybrid Analysis and the test files came back undetected - i.e. no problem. Bet that was not passed on. Three days later and I am still waiting for a reply from Microsoft.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 23, 2020 3:15 am
User

Joined: Wed May 07, 2008 4:57 am
Posts: 88
Location: Adelaide, South Australia
Oh...crap! Malwarebytes is now flagging the PureBasic compilation file in the Windows AppData temp folder as having Malware.Heurisitic.1008. Just started today. Was fine yesterday Aug 22. I tried 32-bit PB versions 5.70, 5.71 and 5.72 and all quarantined the compilation0 file. It is not happening for 64-bit versions. When I press F5 to compile and run...wham! I have told my system the file is safe. However, without doing that I would no longer be able to use PureBasic. Anyone else run into this?


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 23, 2020 3:18 am
Addict

Joined: Thu Apr 18, 2019 8:17 am
Posts: 1006
DeanH wrote:
Anyone else run into this?

All the time. I've pretty much stopped updating my apps for public use at the moment. I update them for myself only until I can decide where I want to go in life. I'm 50 now and not sure I have time for this malware dance anymore. There's better uses for my time.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sat Sep 05, 2020 3:23 pm
Enthusiast

Joined: Mon Feb 25, 2013 5:51 pm
Posts: 581
Location: US or Estonia
I read somewhere that this is suspected of being developed by a government.. Encrypting files based on their extensions with PKI over http and sending it on emails is just too state of the art and robust for some lone math/CS prodigy to code..

definitely a FancyBear or Equation level operation

_________________
The truth hurts.


 Post subject: Re: Oh crap... PB ransomware
Posted: Tue Sep 15, 2020 2:24 pm
Enthusiast

Joined: Sun Jun 22, 2003 7:43 pm
Posts: 586
Location: Germany, Saarbrücken
Here's a funny guide in three steps to convince up to 25 virus scanners that there is no virus anymore: https://twitter.com/jeffmcjunkin/status ... 2252054528

_________________
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.

