Wilders Security Forums  

  #1  
July 6th, 2008, 06:33 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
KillMBR malware - anyone tried/ tested it?

Anyone interested or tried it before? I will love to have some snapshots.

GeSWall
CFP Defence Plus
DefenceWall
ThreatFire
EQS

Thanks
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #2  
July 6th, 2008, 07:33 PM
CogitoErgoSum
Frequent Poster

Join Date: Aug 2005
Location: Cerritos, California
Posts: 641
Re: KillMBR malware - anyone tried/ tested it?

Hello aigle,

I have tested such a malware sample a few weeks ago against DefenseWall(DW). Fortunately, DW was successfully able to block and contain it. As for snapshots, unfortunately, I am only interested in testing malware and observing their actions.


Peace & Gratitude,

CogitoErgoSum
__________________
Current Vista 32 SP2 Resident Security Arsenal: (DefenseWall Personal Firewall v3.11 - KeyScrambler Pro)

DefenseWall HIPS(http://www.softsphere.com/)

*Loyal & diehard DefenseWall user since 1/06!*
~Living dangerously without a resident antivirus since late 2/07!~
  #3  
July 6th, 2008, 07:49 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

Quote:
Originally Posted by CogitoErgoSum
Hello aigle,

I have tested such a malware sample

Sorry, such a sample means what exactly?

Quote:
Originally Posted by CogitoErgoSum
I am only interested in testing malware and observing their actions.

Me too but snapshots are a way of observation for a person who is not testing himself.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #4  
July 6th, 2008, 08:00 PM
CogitoErgoSum
Frequent Poster

Join Date: Aug 2005
Location: Cerritos, California
Posts: 641
Re: KillMBR malware - anyone tried/ tested it?

Quote:
Originally Posted by aigle
Sorry, such a sample means what exactly?

Hello aigle,

To clarify, I just wanted to say that I tested an actual KillMBR sample.


Peace & Gratitude,

CogitoErgoSum
__________________
Current Vista 32 SP2 Resident Security Arsenal: (DefenseWall Personal Firewall v3.11 - KeyScrambler Pro)

DefenseWall HIPS(http://www.softsphere.com/)

*Loyal & diehard DefenseWall user since 1/06!*
~Living dangerously without a resident antivirus since late 2/07!~
  #5  
July 6th, 2008, 08:14 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

That's clear now.

Thanks
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #6  
July 7th, 2008, 02:27 AM
fcukdat
Malware Researcher

Join Date: Feb 2005
Location: England,UK
Posts: 569
Re: KillMBR malware - anyone tried/ tested it?

Hi Aigle,

It was used in this topic but the topic poster neglected to tell folks what they were using as *live* test

http://www.wilderssecurity.com/showthread.php?t=213351

I have samples
__________________
Ade Gill
Malwarebytes Researcher
  #7  
July 7th, 2008, 08:44 AM
controler
Massive Poster

Join Date: Jun 2002
Posts: 3,268
Re: KillMBR malware - anyone tried/ tested it?

I don't know if I would trust VT or Jotti for scans.

If I remember right, this is why EP looked for other scanning sites. The malware writers used to scan at VT when there was an option to NOT send the data to all AV makers. This way they could see if it was being flagged or even suspicious. Now I think they use other scan sites. EP's last POC was never detected by AV's or HIPS if I remember right.



PLUS wasn't it Rustock C that was not flagged for over a year?
  #8  
July 7th, 2008, 10:04 AM
HURST
Very Frequent Poster

Join Date: Jul 2007
Posts: 1,420
Re: KillMBR malware - anyone tried/ tested it?

Aigle I have samples too.
BTW SBIE blocks it.
__________________
I SandboxIE
  #9  
July 7th, 2008, 07:13 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

Thanks. Good news.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #10  
July 7th, 2008, 07:16 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

Quote:
Originally Posted by fcukdat
Hi Aigle,

It was used in this topic but the topic poster neglected to tell folks what they were using as *live* test

http://www.wilderssecurity.com/showthread.php?t=213351

I have samples

Thanks a lot.

I just missed that thread.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #11  
July 7th, 2008, 07:20 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

Quote:
Originally Posted by aigle
Thanks a lot.

I just missed that thread.

Can anyone test with GesWall and TF?

Thanks
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #12  
July 7th, 2008, 07:39 PM
CogitoErgoSum
Frequent Poster

Join Date: Aug 2005
Location: Cerritos, California
Posts: 641
Re: KillMBR malware - anyone tried/ tested it?

Hello aigle,

I also tested KillMBR against Primary Response Safeconnect(PRSC). Unfortunately, PRSC does not detect it.


Peace & Gratitude,

CogitoErgoSum
__________________
Current Vista 32 SP2 Resident Security Arsenal: (DefenseWall Personal Firewall v3.11 - KeyScrambler Pro)

DefenseWall HIPS(http://www.softsphere.com/)

*Loyal & diehard DefenseWall user since 1/06!*
~Living dangerously without a resident antivirus since late 2/07!~
  #13  
July 7th, 2008, 08:45 PM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

Thanks for the info. Seems they have not added such filters yet. Not sure about TF.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #14  
July 10th, 2008, 06:22 AM
aigle
Incredibly Massive Poster

Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Re: KillMBR malware - anyone tried/ tested it?

Anyone willing to test with GW n TF?

Thanks
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
 

All times are GMT -4.