New trojans detected

[Gavin - DiamondCS]

There has been 2 big releases in the last 24 hours:
RAT.Optix Pro 1.0
RAT.Bionet 4.0.1

We've just finished adding comprehensive detection for both, and a preliminary update is available from this single update server at this time:
http://www.diamondcslabs.com/radius.td3

For TDS v3.2.1 the built-in updater will automatically use this server first. All update servers will be refreshed tonight (in approx. 3 hours from the time of this post) with the latest update along with detection of several more trojans.

I also currently have Advanced generic Bionet and Optix Pro detection in the works, this should be built into tonights final update.

[Paul Wilders]

Hi Gavin,

Nice work! Bionet v4.0.1 has been released just yesterday - and you guys are on top of it already.

I'll copy and paste your post to the TDS forum as well, since your additional info surely belongs over there as well.

regards.

paul

[Gavin - DiamondCS]

Hi Paul,

Especially happy with the upcoming Bionet generics, Bionet 3.x detection was similar, and TDS in all honesty is a fortress against and completely stops Bionet 3.x

Bionet 4 has nothing on 3.x ! in fact it should be called 3.20 - I don't know what happened there, this is no major update as users were expecting (and us, in preparation of its release)

[Paul Wilders]

Hi Gavin,

You should be happy indeed with the upcoming BN generics - I am.

As for Bionet v4.0.1, I guess you are right. The coder does not regard this version as a stable one - could well be a new version will be coming up soon (you know how he has been pushed and pushed again to come up with a new version - had to come up with something in the end I suppose..).

regards.

paul

[Gavin - DiamondCS]

Hi everyone, just an update on this..

Since the recent releases of Bionet 4.00.02/4.00.03 and Optix Pro 1.1 as updates to these trojans, we have found that before analysis, the packed variants of these trojans were detected perfectly by the Advanced Scanning component in TDS. Even without a database update, users were protected from these heavily used trojans, in many packed variants - from just FILE scanning. We are proud of the detection abilities and will continue to work on such good detection of heavily used trojans

On another bright note, we quickly broke the current encryption schemes of BOTH trojans, and can give users the configuration from the servers if this information is requested. This involved some tricky cryptanalysis, however we believe it was worth the effort

[Mr.Blaze]

you guys are so lucky i dont know code lol of course id never make anything evill just funny stuff lol.

where when you move your mouse to click on an icon to start a program the icon gets up and runs alway from the mouse pointer lol

if you guys ever see anything that funny i sugest you worry cause i just learnd code

[Technodrome]

Are you suggesting MRBLAZE, that you are a virus writer of W32.Magistr.24876@mm ?

Technodrome

[Mr.Blaze]

NO I DONT KNOW CODE WHATS THAT THING YOU SAID DOES IT DO WHAT I SAID LOL NO WAY THATS TO FUNNY

[Mr.Blaze]

http://www.symantec.com/avcenter/venc/data/w32.magistr.24876@mm.html SOME ONE BEAT ME TO IT

THAT OK *MINE WILL GROW LEGS AND RUN AROUND THE SCREEN DODGEING AND DIVEING ALWAY FROM THE CURSEOR LOL

[Mr.Blaze]

LIKE I SAID IT BE A FUNY THING SO AFTER REBOOT IT REMOVES ITSELF LOL I NEVER MAKE ANYTHING HARMFUL THATS NOT FUN AND WHATS THE POINT LOL

[Technodrome]

MRBLAZE Troublemaker....I mean FUNMAKER !!! *

Technodrome

[Jooske]

Maybe you can show us some, maybe in SS3 script in SS3 but please in the private forum. I mean no viruses, of course, but some funny effects, movements, just happy harmless little things.
What you just described might need JS, not sure about that, but SS3 reads that as well. You might like to run after your MrBlze script to press a button for other scripts to play, etc. with the agents it might be lots less difficult, not sure.....

[Jooske]

Quote:

* *

*
* *

hahahahahaha just a friendly note to say i like your forum alot!....it contributes alot to my programs. So thankyou very much!

[Checkout]

Quote:

it contributes alot to my programs.

(And hello.)