All times are UTC + 1 hour




 Post subject: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 11:59 am 
User

Joined: Thu Sep 30, 2010 9:21 pm
Posts: 49
https://yro.slashdot.org/story/19/11/12 ... er-servers

To the guys who write these ransomware platforms, who are probably even on this forum somewhere: Could you not use languages like Go instead?

Now PureBasic programs will be flagged by antivirus even more. :x

_________________
"I have never let my schooling interfere with my education." - Mark Twain


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 12:03 pm 
Moderator

Joined: Thu Dec 31, 2009 11:05 pm
Posts: 1110
Location: Gernsbach (Germany)
:shock:



 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 12:29 pm 
Enthusiast

Joined: Thu Apr 18, 2019 8:17 am
Posts: 578
Wow! Detailed info:

https://www.intezer.com/blog-purelocker ... t-servers/

PureBasic will definitely get more exposure from this, but perhaps not in a good way. :(


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 1:35 pm 
Addict

Joined: Sat Feb 19, 2011 10:06 am
Posts: 822
Location: Denmark
BarryG wrote:
Wow! Detailed info:

https://www.intezer.com/blog-purelocker ... t-servers/

PureBasic will definitely get more exposure from this, but perhaps not in a good way. :(


It will get both. ANY language can be used in truly annoying ways. I'm amazed if it hasn't been done before in PureBasic sometime in the past.
In the meantime PureBasic will get a lot more exposure - in a good way. :-)

_________________
“Tell me and I forget. Teach me and I remember. Involve me and I learn.”
— Benjamin Franklin
Current configurations: Windows 10, Intel 6800K, GeForce Gtx 1060, 32 gb ram.


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 1:49 pm 
Enthusiast

Joined: Sun Jun 22, 2003 7:43 pm
Posts: 471
Location: Germany, Saarbrücken
intezer.com wrote:
The ransomware then secure-deletes the original files in order to prevent recovery.

Wasn't there a user recently who wanted to know how to wipe files securely? :P

_________________
Electronics, Crazy & Interesting Stuff, all that with text, image and sound? Click here!

The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 2:19 pm 
Enthusiast

Joined: Sun Jul 07, 2013 11:35 am
Posts: 450
Location: Canada
Very sad news :(

_________________
The Stone Age did not end due to a shortage of stones !


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 3:57 pm 
Addict

Joined: Tue Nov 09, 2010 10:15 pm
Posts: 1602
It had to have been used before, since most AVs flag so many programs we are writing. I've had to add whitelists to every AV I've used.


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 4:01 pm 
Administrator

Joined: Fri May 17, 2002 4:39 pm
Posts: 13896
Location: France
That's definitely not good exposure and antivirus will raise the bar against PB exec for sure :(


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 5:16 pm 
Enthusiast

Joined: Thu Dec 29, 2011 5:03 pm
Posts: 522
Ugh, I hate this. PureBasic is so awesome and shouldn't be used for criminal purposes. :(


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 7:34 pm 
Enthusiast

Joined: Sat Jun 24, 2006 3:29 am
Posts: 208
There have been a few strange posts in the past about this sort of thing - or at least it sounded a lot like it. Users with 1 or so posts asking questions that just didn't seem right. It's very hard to determine the legitimacy of a user's question, unless they are around for a while. I'm all for all sorts of hacking - black/white/pink/rasta hat... but only out of a proof of concept interest.

Ransomware is a sucky concept - but as far as I know it's pretty hard to be caught with it if you are not downloading and executing everything like a lunatic.

It's not PB's "fault" it is a good dev environment for malware. That just shows it is simply a good dev environment. You can make anything.

_________________
Proud supporter of PB! * Musician * C64/6502 Freak


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 9:17 pm 
Enthusiast

Joined: Sat Apr 26, 2003 2:49 pm
Posts: 659
I don't use AVs and have little idea about signatures, etc...
But why this?:
Quote:
AV vendors have trouble generating reliable detection signatures for PureBasic binaries

It would be easier to detect if it was written in plain C using some free compiler?
What makes PB exes different?


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 9:33 pm 
Addict

Joined: Wed Dec 23, 2009 10:14 pm
Posts: 3203
Location: Boston, MA
The statement is too nebulous.
There was mention of telemetry APIs compiled into Visual Studio apps. I thought PB would have those also if the compiler is compiled in VS 2013/15.

_________________
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 9:34 pm 
Enthusiast

Joined: Fri Feb 19, 2010 3:42 am
Posts: 541
I have banned PureBasic from my developments being always afraid of possible antivirus problems.
Even more, tomorrow I'm gonna have to ban PureBasic completely from my office PC.
That makes me sad... :cry:


Also my question: "Is there anything making PB's exes special separate from being very efficient?"
Sometimes I wonder if antivirus detection thinks "a program can not be that small" or something similar...


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 9:46 pm 
Enthusiast

Joined: Fri Feb 19, 2010 3:42 am
Posts: 541
Hmmmh...
If I have the source and make it public to the internal users and assume that there is no malware in PureBasic itself, is this a real big problem in an Intranet environment?

Some colleagues often ask me to send them links to file shares so they can click on it and explorer opens immediately.
And I always answer: no, I will not send you clickable links.
Those are the things (from other senders) that are dangerous and not the knife who built the wood carving, correct?


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Wed Nov 13, 2019 10:01 pm 
Enthusiast

Joined: Thu Apr 18, 2019 8:17 am
Posts: 578
HanPBF wrote:
I have banned PureBasic from my developments being always afraid of possible antivirus problems.
Even more, tomorrow I'm gonna have to ban PureBasic completely from my office PC.

What? Why? PureBasic isn't infected or has malware. An executable compiled with it is. What you're saying is like banning Excel because someone made a bad spreadsheet.

HanPBF wrote:
Sometimes I wonder if antivirus detection thinks "a program can not be that small"

No, it's not that: I (and others) have tested this before by adding extra bloat to their exes, making them between 10 MB and 150 MB in size. And there's lots of other small exes (under 1 MB) written in other languages that don't get flagged. I have plenty of them on my PC.

One of my apps recently got flagged with 13 "viruses" (in reality: false positives) by VirusTotal. I was using the 32-bit compiler of PureBasic. I compiled the same app with the 64-bit version and only got 2 false positives. Says a lot.

Adding version info to your PureBasic exe can reduce false positives. My example app above didn't have it at first, and had about 4 extra false-positives until I added it.

Don't get too hung up on digitally signing your exes, either: there's another current ransomware (Megacortex) whose exe is digitally signed to a company in Australia. So, signing doesn't provide protection or "prove" that an exe is safe at all.

PureLocker requires admin rights to run, which nobody should really be doing anyway; plus it uses code from other ransomware apps, so it will soon be easy for AV to detect because the other code signatures are well-known.

There's no reason to ditch PureBasic over this.


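The exe attributes the post above mentions (32-bit versus 64-bit build, version info, a digital signature) can be read directly from the PE headers, for instance as a check on your own builds before release. This is an added example, not code from the thread or from PureBasic: `pe_traits` and `make_sample` are hypothetical names, and the sample image is constructed header-only data, not a real program.

```python
import struct

RT_VERSION, DIR_RESOURCE, DIR_SECURITY = 16, 2, 4  # resource type ID; data-directory indexes

def pe_traits(data: bytes) -> dict:
    """Bitness, VERSIONINFO presence and certificate-table presence of a PE image."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)           # 0x10B = PE32, 0x20B = PE32+
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    n_dirs, = struct.unpack_from("<I", data, dirs - 4)
    def directory(i):                                      # -> (rva, size)
        return struct.unpack_from("<II", data, dirs + 8 * i) if i < n_dirs else (0, 0)
    def rva_to_offset(rva):                                # map an RVA through the section table
        for s in range(n_sections):
            vsize, vaddr, rsize, raw = struct.unpack_from("<4I", data, opt + opt_size + 40 * s + 8)
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + rva - vaddr
        return None
    rsrc_rva, rsrc_size = directory(DIR_RESOURCE)
    root = rva_to_offset(rsrc_rva) if rsrc_size else None
    has_version = False
    if root is not None:                                   # top-level entries are resource types
        named, ids = struct.unpack_from("<HH", data, root + 12)
        first_id = root + 16 + 8 * named                   # ID entries follow the named ones
        has_version = any(struct.unpack_from("<I", data, first_id + 8 * e)[0] == RT_VERSION
                          for e in range(ids))
    # A certificate table means a signature is attached; nothing is verified here.
    return {"bits": 32 if magic == 0x10B else 64, "has_version_info": has_version,
            "signed": directory(DIR_SECURITY)[1] > 0}

def make_sample(pe32plus=False, version=True, signed=False) -> bytes:
    """Constructed header-only PE image for the demo (assumption; not a runnable program)."""
    d = 112 if pe32plus else 96                            # offset of the data directories
    opt = bytearray(d + 128)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, d - 4, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, d + 16, 0x1000, 24)       # resource directory
    struct.pack_into("<II", opt, d + 32, 0x400, 8 if signed else 0)  # certificate table
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, len(opt), 0)
    sect = struct.pack("<8sIIII16x", b".rsrc", 24, 0x1000, 24, 0x200)
    rsrc = struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, RT_VERSION if version else 3, 0x80000018)
    head = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + coff + bytes(opt) + sect
    return head.ljust(0x200, b"\0") + rsrc
```

For a real build, pass the file's bytes, e.g. `pe_traits(open(path, "rb").read())`. The `signed` field only reports that a certificate table is attached; it does not say who signed the file or whether the signature validates.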