New trojans detected

Discussion in 'malware problems & news' started by Gavin - DiamondCS, Apr 3, 2002.

Thread Status:
Not open for further replies.
  1. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    There have been 2 big releases in the last 24 hours:
    RAT.Optix Pro 1.0
    RAT.Bionet 4.0.1

    We've just finished adding comprehensive detection for both, and a preliminary update is available from this single update server at this time:
    http://www.diamondcslabs.com/radius.td3

    For TDS v3.2.1 the built-in updater will automatically use this server first. All update servers will be refreshed tonight (in approx. 3 hours from the time of this post) with the latest update along with detection of several more trojans.

    I also currently have Advanced generic Bionet and Optix Pro detection in the works; this should be built into tonight's final update.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Gavin,

    Nice work! Bionet v4.0.1 has been released just yesterday - and you guys are on top of it already.

    I'll copy and paste your post to the TDS forum as well, since your additional info surely belongs over there as well.

    regards.

    paul
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Paul,

    Especially happy with the upcoming Bionet generics, Bionet 3.x detection was similar, and TDS in all honesty is a fortress against and completely stops Bionet 3.x :)

    Bionet 4 has nothing on 3.x ! in fact it should be called 3.20 - I don't know what happened there, this is no major update as users were expecting (and us, in preparation of its release)
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Gavin,

    You should be happy indeed with the upcoming BN generics :) - I am.

    As for Bionet v4.0.1, I guess you are right. The coder does not regard this version as a stable one - could well be a new version will be coming up soon (you know how he has been pushed and pushed again to come up with a new version - had to come up with something in the end I suppose..).

    regards.

    paul
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi everyone, just an update on this..

    Since the recent releases of Bionet 4.00.02/4.00.03 and Optix Pro 1.1 as updates to these trojans, we have found that before analysis, the packed variants of these trojans were detected perfectly by the Advanced Scanning component in TDS. Even without a database update, users were protected from these heavily used trojans, in many packed variants - from just FILE scanning. We are proud of the detection abilities and will continue to work on such good detection of heavily used trojans :)

    On another bright note, we quickly broke the current encryption schemes of BOTH trojans, and can give users the configuration from the servers if this information is requested. This involved some tricky cryptanalysis, however we believe it was worth the effort :)
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D you guys are so lucky I don't know code lol of course I'd never make anything evil just funny stuff lol.

    where when you move your mouse to click on an icon to start a program the icon gets up and runs away from the mouse pointer lol :D

    :D if you guys ever see anything that funny I suggest you worry cause I just learned code :D
     
  7. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Are you suggesting MRBLAZE, that you are a virus writer of W32.Magistr.24876@mm ?

    Technodrome
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D NO I DON'T KNOW CODE WHAT'S THAT THING YOU SAID DOES IT DO WHAT I SAID LOL NO WAY THAT'S TOO FUNNY
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :'( http://www.symantec.com/avcenter/venc/data/w32.magistr.24876@mm.html SOMEONE BEAT ME TO IT

    THAT'S OK, MINE WILL GROW LEGS AND RUN AROUND THE SCREEN DODGING AND DIVING AWAY FROM THE CURSOR LOL
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D LIKE I SAID IT'D BE A FUNNY THING SO AFTER REBOOT IT REMOVES ITSELF LOL I NEVER MAKE ANYTHING HARMFUL THAT'S NOT FUN AND WHAT'S THE POINT LOL
     
  11. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    MRBLAZE Troublemaker....I mean FUNMAKER !!!  :D

    Technodrome
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Maybe you can show us some, maybe in SS3 script in SS3 but please in the private forum. I mean no viruses, of course, but some funny effects, movements, just happy harmless little things.
    What you just described might need JS, not sure about that, but SS3 reads that as well. You might like to run after your MrBlze script to press a button for other scripts to play, etc. with the agents it might be lots less difficult, not sure.....
     
  13. s13az3

    s13az3 Guest

  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
     
  15. s13az3

    s13az3 Guest

    hahahahahaha just a friendly :) note to say I like your forum a lot!....it contributes a lot to my programs. So thank you very much!
     
  16. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    o_O

    (And hello.)
     