Oh crap... PB ransomware

For everything that's not in any way related to PureBasic. General chat etc...
Mohawk70
Enthusiast
Posts: 400
Joined: Thu May 11, 2006 1:04 am
Location: Florida, USA

Re: Oh crap... PB ransomware

Post by Mohawk70 »

https://ibb.co/Bc40cTw

May be of interest to some here ( no, none of these are source for the malware, I wouldn't post that. )
advanced-threat-research/Yara-Rules has detection signature,
posted by someone purportedly from McAfee team

https://ibb.co/s527x6H
tj1010
Enthusiast
Posts: 624
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia

Re: Oh crap... PB ransomware

Post by tj1010 »

disable SmartScreen and real-time AV on Windows... done

If you're still reliant on signatures over HIPS and HIDS and sandboxing, all it'll take is an obfuscator or stolen Authenticode key or exploit to load on your endpoints with a fully up-to-date AV anyway..

Also... It takes like 30 minutes to write an HTTP-controlled file encryption (ransomware) in PB... Book-burning hysteria isn't going to stop even someone who just started programming from making malware.. Should we remove the assembly section since it teaches people to reverse engineer and crack software?
The truth hurts.
Tenaja
Addict
Posts: 1949
Joined: Tue Nov 09, 2010 10:15 pm

Re: Oh crap... PB ransomware

Post by Tenaja »

And now, it looks like the publicity has gotten us a whole new set of spammers. Oh, joy.
Mijikai
Addict
Posts: 1360
Joined: Sun Sep 11, 2016 2:17 pm

Re: Oh crap... PB ransomware

Post by Mijikai »

Tenaja wrote: And now, it looks like the publicity has gotten us a whole new set of spammers. Oh, joy.
I only see the usual amount of spammers (which is bad enough), but since no one cares to push the forum into the next century, nothing will change.

Don't get me wrong - I'm mad because I love PB and I really don't like to see the forum in such a run-down state.
Marc56us
Addict
Posts: 1479
Joined: Sat Feb 08, 2014 3:26 pm

Re: Oh crap... PB ransomware

Post by Marc56us »

Bad publicity is also publicity.

Real developers know that it is not the language that makes the virus but the user.

Enterprise users will surrender against that PB it is not a toy for beginners and that these possibilities are great.
On the contrary, sales may increase.

Antivirus vendors may start to study PB's operation closely instead of systematically quarantining all programs generated by it.

If they themselves create test programs with PB (even with demo version, a simple MessageRequester) and see that their antivirus puts it in quarantine they will realize that their scanning algorithms need to be reviewed...

8)
Sicro
Enthusiast
Posts: 538
Joined: Wed Jun 25, 2014 5:25 pm
Location: Germany

Re: Oh crap... PB ransomware

Post by Sicro »

@Marc56us: I agree.

What would be bad, is, if many news sites would write that the programs created with the programming language "PureBasic" could contain some security vulnerabilities, because the native libraries are partly very outdated (very old RegEx-Lib).
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
tj1010
Enthusiast
Posts: 624
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia

Re: Oh crap... PB ransomware

Post by tj1010 »

Sicro wrote:@Marc56us: I agree.

What would be bad, is, if many news sites would write that the programs created with the programming language "PureBasic" could contain some security vulnerabilities, because the native libraries are partly very outdated (very old RegEx-Lib).
PHP gets such headlines by influential security people daily.. It's the default CGI option on most of the world's web hosting and what most CMS are written in..

EU and American agencies like the IRS use socketed Java around their data management (don't look too deep on official & signed EU smartcard browser plugins)... lol

I've seen ransomware written in native GoLang and it's basically hack proof...

This thread gives a lot of wrong impressions about AV companies and signatures and modern endpoint security... Any up to date *known* AV solution isn't going to have detection rules for compiler stubs, and will likely only use IAT and entropy stats for heuristics..
The truth hurts.
HanPBF
Enthusiast
Posts: 564
Joined: Fri Feb 19, 2010 3:42 am

Re: Oh crap... PB ransomware

Post by HanPBF »

Sicro wrote:@Marc56us: I agree.

What would be bad, is, if many news sites would write that the programs created with the programming language "PureBasic" could contain some security vulnerabilities, because the native libraries are partly very outdated (very old RegEx-Lib).
So, do I understand correctly -> this old, security risk version is still used in PureBasic?

And this is not a problem???
Sicro
Enthusiast
Posts: 538
Joined: Wed Jun 25, 2014 5:25 pm
Location: Germany

Re: Oh crap... PB ransomware

Post by Sicro »

tj1010 wrote:PHP gets such headlines by influential security people daily
I don't follow the development of PHP, but I suspect that the security issues there are fixed faster — or does it take there also more than 7 years?
I doubt that the security issues with PHP exist because very outdated third-party libraries are shipped by the PHP installer. I think they always include up-to-date versions of third-party libs — at least with every release of the PHP installer.
tj1010 wrote:EU and American agencies like the IRS use socketed Java around their data management(don't look too deep on official&signed EU smartcard browser plugins)... lol
Yes, many companies avoid extensive security vulnerability testing in order to save costs or whatever ...
It is wrong and every company will atone for it sooner or later. As we can see it again and again.
HanPBF wrote:So, do I understand correctly -> this old, security risk version is still used in PureBasic?
Yes.
HanPBF wrote:And this is not a problem???
In the sentence you quoted from me, I wrote that it is a problem.
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
HanPBF
Enthusiast
Posts: 564
Joined: Fri Feb 19, 2010 3:42 am

Re: Oh crap... PB ransomware

Post by HanPBF »

@Sicro
Of course, my sentence was irony...desperate irony.


Long: I did get rid of PureBasic from my office PC completely. Everything about the business model and hobbyist/professional kind of environment was very often said. I will check this forum again in 2022.

Short: game over.
skywalk
Addict
Posts: 3994
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Oh crap... PB ransomware

Post by skywalk »

HanPBF - So much wrong with your post. :(
Defeatist, gloom and doom, baseless, and finally, contradictory. See you in 2022, we'll be here.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Little John
Addict
Posts: 4527
Joined: Thu Jun 07, 2007 3:25 pm
Location: Berlin, Germany

Re: Oh crap... PB ransomware

Post by Little John »

Sicro wrote:
HanPBF wrote:So, do I understand correctly -> this old, security risk version is still used in PureBasic?
Yes.
HanPBF wrote:And this is not a problem???
In the sentence you quoted from me, I wrote that it is a problem.
HanPBF wrote:@Sicro
Of course, my sentence was irony...desperate irony.
The problem about the security risk is different from the problem that there is ransomware which was written in PB. And that security risk is discussed in a separate thread.
HanPBF wrote:I will check this forum again in 2022.
skywalk wrote:See you in 2022, we'll be here.
:D
RASHAD
PureBasic Expert
Posts: 4659
Joined: Sun Apr 12, 2009 6:27 am

Re: Oh crap... PB ransomware

Post by RASHAD »

Thanks skywalk
If I am still alive, I hope I will be here in 2022 too :)
Egypt my love
skywalk
Addict
Posts: 3994
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Oh crap... PB ransomware

Post by skywalk »

Haha, me too! And if not, I will haunt you all :twisted:
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Fangbeast
PureBasic Protozoa
Posts: 4749
Joined: Fri Apr 25, 2003 3:08 pm
Location: Not Sydney!!! (Bad water, no goats)

Re: Oh crap... PB ransomware

Post by Fangbeast »

And I'll show all you silly buggers my desiccated fangs of doom:):)
Amateur Radio, D-STAR/VK3HAF