Be careful when installing your VPN service client .exe

ComputerSaysNo · #1 October 12th, 2012, 02:30 AM

Please check your VPN service client .exe's against VirusTotal.com. I've tested a few and some are Trojan droppers, some are false positives and others are OK.

The last thing you want is to get backdoored with your VPN service.

Taliscicero · #2 October 14th, 2012, 01:23 PM

If your talking about BolehVPN its well known and BD is too lazy to fix.

mirimir · #3 October 14th, 2012, 03:56 PM

Just use OpenVPN.

Snowden · #4 October 14th, 2012, 05:15 PM

Quote:

Originally Posted by CubonesCastle

If your talking about BolehVPN its well known and BD is too lazy to fix.

Say again?

LockBox · #5 October 14th, 2012, 08:02 PM

Quote:

Originally Posted by ComputerSaysNo

Please check your VPN service client .exe's against VirusTotal.com. I've tested a few and some are Trojan droppers, some are false positives and others are OK.

The last thing you want is to get backdoored with your VPN service.

There have been problems for years with false positives on SSL VPN clients. Just when most have been fixed, along comes another. It's a problem with the the low-level nature of the TAP drivers.

You said that you tested some that were, in fact, infected. Name names. What service did this? Or, was it a MITM attack?

`

ComputerSaysNo · #6 October 14th, 2012, 10:08 PM

Yeah... Thing is they will change up if named. So let me re-check them first. 2 are very well known though.

Rowmon · #7 October 14th, 2012, 11:19 PM

Hey,

I've purchased VPNs that had their own client and the UI was all pretty and full of features but I couldn't trust them. They also seemed to be based off outdated versions, so I felt they could be vulnerable. I've noticed however, if you ask support they can always organize a configuration to apply to the official OpenVPN client instead. I'd say that's the safer way.

Snowden · #8 October 15th, 2012, 02:31 AM

Why was boleh mentioned? I've been using them for over six months and have never heard one issue

mirimir · #9 October 15th, 2012, 03:45 AM

Quote:

Originally Posted by Snowden

Why was boleh mentioned? I've been using them for over six months and have never heard one issue

I think that CubonesCastle was saying that BolehVPN's installer triggers some anti malware software, and that it's a false positive. Yes?

scriptolab · #10 October 16th, 2012, 12:10 PM

I assume it's a false positive, as panda deleted the exe automatically. (bolehvpn).
Any confirmations?

Taliscicero · #11 October 18th, 2012, 05:28 PM

Its a FP, a few engines detect it as such. Something to do with the low level crypto that their software uses.

Trojen swizzor with bitdefender. Just use hitmanpro when you have boleh on your machine and G-data + emsisoft will flag it due to their shared BD engine.

LockBox · #12 October 19th, 2012, 04:53 PM

In other words, this is a non-issue. Unless, of course, he's come up with names for VPN clients that really were trojans.

DasFox · #13 October 19th, 2012, 09:33 PM

Quote:

Originally Posted by CubonesCastle

If your talking about BolehVPN its well known and BD is too lazy to fix.

What's well known and who's BD?

Let's be careful about how we speak about a business you make this look bad for others and I've put my name on the line many times for this VPN that I happen to know is very good and no I don't work for them either....

Taliscicero · #14 October 20th, 2012, 03:44 AM

Quote:

Originally Posted by DasFox

What's well known and who's BD?

Let's be careful about how we speak about a business you make this look bad for others and I've put my name on the line many times for this VPN that I happen to know is very good and no I don't work for them either....

Dude.. I use BolehVPN and love it too. I was simply saying "BD -> BitDefender" has a heuristic detection false positive with Bolehvpn's GUI. I have mentioned it to BitDefender and Boleh. Boleh tried to get BitDefender to remove the detection but there is no auto-upload feature of false samples to BitDefender, and as such they had to ask on the english forum, but nothing was done because BitDefender team did not care to change it or test it.

ComputerSaysNo · #15 October 21st, 2012, 12:22 AM

Quote:

Originally Posted by LockBox

In other words, this is a non-issue. Unless, of course, he's come up with names for VPN clients that really were trojans.

No this is a real issue. You can be sure it's happening.

mirimir · #16 October 21st, 2012, 03:06 AM

Quote:

Originally Posted by ComputerSaysNo

No this is a real issue. You can be sure it's happening.

What about OpenVPN itself?

bolehvpn · #17 October 24th, 2012, 04:05 AM

We tried getting ourselves removed from BitDefender's list but our thread was ignored.

We got ourselves removed from a couple of others though including Norton and stuff.

But I can confirm that this is a FALSE POSITIVE.

Appreciate if you guys get these detections to also help us out and submit these false reports to the Antivirus providers so that they themselves can manually check it and approve (which good AV providers do).

pbust · #18 November 5th, 2012, 08:34 PM

Quote:

Originally Posted by bolehvpn

We got ourselves removed from a couple of others though including Norton and stuff.

I haven't seen the detection details but if Panda is throwing an FP on your files please PM me directly.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search