Stuxnet (.lnk exploit malware) versus HIPS

Discussion in 'other anti-malware software' started by aigle, Apr 20, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    You're conducting some very interesting tests. Could you please share the hash of the file you're doing the tests with? I think I might be in possession of it!
     
  2. aigle

    aigle Registered Member

    To all, please, I apologize in advance that I can't do tests on request. Anyone interested can PM me to get the sample (just PM, don't ask openly in the thread) and do their own testing. Hope you people will not mind! :)
     
  3. aigle

    aigle Registered Member

    1- No outgoing alert with FW in safe mode.
    2- Windows XP Home SP2 not fully patched
     
  4. aigle

    aigle Registered Member

    Yes, just like Comodo v3, but practically you can't use these settings; totally impractical.
     
  5. aigle

    aigle Registered Member

    MD5 055a3421813caf77e1387ff77b2e2e28
     
  6. SUPERIOR

    SUPERIOR Registered Member

    Umm... I run Comodo version 5.3.50343.1237 on XP SP2 and it stopped the attack partially, if it could be said so.
    Look at the pictures.
     


    Last edited: Apr 21, 2011
  7. aigle

    aigle Registered Member

    Will try later with Allah's will. I don't expect it will pass, as rundll32.exe is not involved here at all.
     
  8. aigle

    aigle Registered Member

    Anything in the Comodo log?

    Maybe it's due to the way Comodo deals with shell32.dll, and not due to interception of the malicious DLL itself by Comodo. Just a wild guess.
     
  9. arran

    arran Registered Member

    Yes, of course it would if configured correctly.

    Anti-Executable 4 would also pass; I believe AE4 intercepts DLLs now.
     
  10. Syobon

    Syobon Registered Member

  11. aigle

    aigle Registered Member

    Same with OA even if you allow the alerts!
     
  12. harsha_mic

    harsha_mic Registered Member

    I tested CFW v5.3 through Sandboxie. I can't see it loading a DLL, apart from the attached alert from the execution of the malware...
    I don't see the malicious DLL being loaded. I have verified with GMER and Process Explorer.
     


  13. aigle

    aigle Registered Member

    I don't think that it's a good way to test Comodo with malware running inside SBIE.

    However, I can confirm that if I run it with Comodo, the malicious DLL is loaded but it doesn't load further malicious modules (as shown by GMER; see the post above by 'SUPERIOR'). The same is true if I run it with OA and allow all prompts. I don't know what all this means.
     
    Last edited: Apr 22, 2011
  14. harsha_mic

    harsha_mic Registered Member

    Thanks for the inputs, aigle.
    Yes, I know that testing malware in SBIE would not correctly tell the protection efficacy of Comodo.
    Are you testing Comodo in VirtualBox?

    Thanks,
    Harsha
     
  15. Kernelwars

    Kernelwars Registered Member

    Can anyone please test SpyShelter against this? Thanks
     
  16. SUPERIOR

    SUPERIOR Registered Member

    Predictable result... epic fail :D
    I tested it, I mean.
     
  17. Kernelwars

    Kernelwars Registered Member

    wow . :(
     
  18. aigle

    aigle Registered Member

    No, on real system with CTM.
     
  19. Worter

    Worter Registered Member

    Comodo fails it?
    Do not worry. Microsoft have already fixed the bug :)
    Just install the latest update for your OS.
    I have Win7 SP1 64-bit. No DLL was injected. Previously it was possible to inject a DLL.
     
    Last edited: Apr 22, 2011
  20. kwismer

    kwismer Registered Member

    Are you offering a benign exploit of the relevant vulnerability here, or offering to distribute the actual Stuxnet malware to anyone who asks in private?
     
  21. aigle

    aigle Registered Member

    Both, keep rest to PMs. :)
     
  22. Zyrtec

    Zyrtec Registered Member

    Hi,

    Did you test Comodo using the settings per this YouTube video?

    http://www.youtube.com/watch?v=D9BPONNYk_g

    I ask because I'm running just the firewall (not the AV) alongside ESET NOD32 v4.2 on Windows 7 Pro 32-bit, and I'm kind of curious if their HIPS lets this worm through.

    Thanks

    Carlos
     
  23. shadek

    shadek Registered Member

    Not to sound harsh, but if you're not on a pirated copy of Windows which does not allow you to update it, you're already safe from this infection. I rarely get into these kinds of discussions any longer... just my two cents.
     
  24. Ranget

    Ranget Registered Member


    :-* it allows update

    sorry for the bad news
     
  25. shadek

    shadek Registered Member

    I'm not sure I understand the meaning of your post. What is the bad news? That (your?) pirated copy of Windows allowed you to update? Or is the actual bad news that the infection is still valid for updated OSs? I'm not aware that this exploit works on updated Windows machines.
     