Oh crap... PB ransomware

For everything that's not in any way related to PureBasic. General chat etc...
Erich
User
Posts: 49
Joined: Thu Sep 30, 2010 9:21 pm

Oh crap... PB ransomware

Post by Erich »

https://yro.slashdot.org/story/19/11/12 ... er-servers

To the guys who write these ransomware platforms, who are probably even on this forum somewhere: Could you not use languages like Go instead?

Now PureBasic programs will be flagged by Antivirus even more. :x
"I have never let my schooling interfere with my education." - Mark Twain
RSBasic
Moderator
Posts: 1218
Joined: Thu Dec 31, 2009 11:05 pm
Location: Gernsbach (Germany)

Re: Oh crap... PB ransomware

Post by RSBasic »

:shock:
BarryG
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Oh crap... PB ransomware

Post by BarryG »

Wow! Detailed info:

https://www.intezer.com/blog-purelocker ... t-servers/

PureBasic will definitely get more exposure from this, but perhaps not in a good way. :(
DK_PETER
Addict
Posts: 898
Joined: Sat Feb 19, 2011 10:06 am
Location: Denmark

Re: Oh crap... PB ransomware

Post by DK_PETER »

BarryG wrote:
> Wow! Detailed info:
>
> https://www.intezer.com/blog-purelocker ... t-servers/
>
> PureBasic will definitely get more exposure from this, but perhaps not in a good way. :(

It will get both. ANY language can be used in truly annoying ways. I'm amazed if it hasn't been done before in PureBasic sometime in the past..
In the meantime PureBasic will get a lot more exposure - in a good way. :-)
Current configurations:
Ubuntu 20.04/64 bit - Window 10 64 bit
Intel 6800K, GeForce Gtx 1060, 32 gb ram.
Amd Ryzen 9 5950X, GeForce 3070, 128 gb ram.
NicTheQuick
Addict
Posts: 1224
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken

Re: Oh crap... PB ransomware

Post by NicTheQuick »

intezer.com wrote:
> The ransomware then secure-deletes the original files in order to prevent recovery.

Wasn't there a user recently who wanted to know how to wipe files securely? :P
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
StarBootics
Addict
Posts: 984
Joined: Sun Jul 07, 2013 11:35 am
Location: Canada

Re: Oh crap... PB ransomware

Post by StarBootics »

Very sad news :(
The Stone Age did not end due to a shortage of stones !
Tenaja
Addict
Posts: 1948
Joined: Tue Nov 09, 2010 10:15 pm

Re: Oh crap... PB ransomware

Post by Tenaja »

It had to have been used before, since most AVs flag so many programs we are writing. I've had to add whitelists to every AV I've used.
Fred
Administrator
Posts: 16619
Joined: Fri May 17, 2002 4:39 pm
Location: France

Re: Oh crap... PB ransomware

Post by Fred »

That's definitely not good exposure and antivirus will raise the bar against PB exec for sure :(
wombats
Enthusiast
Posts: 663
Joined: Thu Dec 29, 2011 5:03 pm

Re: Oh crap... PB ransomware

Post by wombats »

Ugh, I hate this. PureBasic is so awesome and shouldn't be used for criminal purposes. :(
oreopa
Enthusiast
Posts: 281
Joined: Sat Jun 24, 2006 3:29 am
Location: Edinburgh, Scotland.

Re: Oh crap... PB ransomware

Post by oreopa »

There have been a few strange posts in the past about this sort of thing - or at least it sounded a lot like it. Users with 1 or so posts asking questions that just didn't seem right. It's very hard to determine the legitimacy of a user's question, unless they are around for a while. I'm all for all sorts of hacking - black/white/pink/rasta hat... but only out of a proof of concept interest.

Ransomware is a sucky concept - but as far as I know it's pretty hard to be caught with it if you are not downloading and executing everything like a lunatic.

It's not PB's "fault" it is a good dev environment for malware. That just shows it is simply a good dev environment. You can make anything.
Proud supporter of PB! * Musician * C64/6502 Freak
Justin
Addict
Posts: 829
Joined: Sat Apr 26, 2003 2:49 pm

Re: Oh crap... PB ransomware

Post by Justin »

I don't use AVs and have little idea about signatures, etc...
But why this?:
"AV vendors have trouble generating reliable detection signatures for PureBasic binaries"
It would be easier to detect if it was written in plain C using some free compiler?
What makes PB exes different?
skywalk
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Oh crap... PB ransomware

Post by skywalk »

The statement is too nebulous.
There was mention of telemetry APIs compiled into Visual Studio apps. I thought PB would have those also if the compiler is compiled in VS 2013/15.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
HanPBF
Enthusiast
Posts: 563
Joined: Fri Feb 19, 2010 3:42 am

Re: Oh crap... PB ransomware

Post by HanPBF »

I have banned PureBasic from my developments being always afraid of possible antivirus problems.
Even more, tomorrow I'm gonna have to ban PureBasic completely from my office PC.
That makes me sad... :cry:


Also my question: "Is there anything making PB's exes special separate from being very efficient?"
Sometimes I wonder if antivirus detection thinks "a program can not be that small" or something similar...
HanPBF
Enthusiast
Posts: 563
Joined: Fri Feb 19, 2010 3:42 am

Re: Oh crap... PB ransomware

Post by HanPBF »

Hmmmh...
If I have the source and make it public to the internal users and assume that there is no malware in PureBasic itself, is this a real big problem in an Intranet environment?

Some colleagues often ask me to send them links to file shares so they can click on it and explorer opens immediately.
And I always answer: no, I will not send you clickable links.
Those are the things (from other senders) that are dangerous and not the knife who built the wood carving, correct?
BarryG
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Oh crap... PB ransomware

Post by BarryG »

HanPBF wrote:
> I have banned PureBasic from my developments being always afraid of possible antivirus problems.
> Even more, tomorrow I gonna have to ban PureBasic completely from my office PC.

What? Why? PureBasic isn't infected or has malware. An executable compiled with it is. What you're saying is like banning Excel because someone made a bad spreadsheet.

HanPBF wrote:
> Sometimes I wonder if antivirus detection thinks "a program can not be that small"

No, it's not that: I (and others) have tested this before by adding extra bloat to their exes, making them between 10 MB and 150 MB in size. And there's lots of other small exes (under 1 MB) written in other languages that don't get flagged. I have plenty of them on my PC.

One of my apps recently got flagged with 13 "viruses" (in reality: false positives) by VirusTotal. I was using the 32-bit compiler of PureBasic. I compiled the same app with the 64-bit version and only got 2 false positives. Says a lot.

Adding version info to your PureBasic exe can reduce false positives. My example app above didn't have it at first, and had about 4 extra false-positives until I added it.

Don't get too hung up on digitally signing your exes, either: there's another current ransomware (Megacortex) whose exe is digitally signed to a company in Australia. So, signing doesn't provide protection or "prove" that an exe is safe at all.

PureLocker requires admin rights to run, which nobody should really be doing anyway; plus it uses code from other ransomware apps, so it will soon be easy for AV to detect because the other code signatures are well-known.

There's no reason to ditch PureBasic over this.