Mirage Anti-Bot 1.0

http://fred-de-vries.blogspot.com/2012/02/news-mirage-anti-bot.html

 

Your link is not working...get the message of

Here's a different link- http://fred-de-vries.blogspot.com/2012/02/released-mirage-anti-bot-10.html

PS- in Chrome I get a message of "The java plug-in needs your permission to run" when I access the page.

 

@acr1965: This problem arose because I removed the original post that announced the release of Mirage Anti-Bot. Sorry about that.

Please mail me find bugs, experience problems or have suggestions.

 

Installed (on W7 32bit)...Unobtrusive, just runs gently in the background, constantly updating, and using minimal resources. Could be a useful little additional security "layer". Hopefully user more knowledgable than myself may give an opinion.

 

My bet is that they/the author is making use of the abuse.ch Palevo, SpyEye and ZeuS trackers to get the data.

 

Correct m00nbl00d

 

LOL! I missed that part!

 

By the way, at least one antivirus (Kaspersky) detects the file as being malware. I don't recall the exact name; I scanned it this afternoon and forgot to mention it.

Maybe you'd like to get in touch with the security vendors flagging your tool.

 

Kaspersky is reporting that Mirage Anti-Bot 1.0 is malware. Panda finds it a suspicious file. I have contacted both companies.

 

Is this suitable for my 64bit setup as seen in my sig? Whats the cost?

Best regards

 

Now COMODO also detects it as UnclassifiedMalware.

 

Also: Symantec now detects it as WS.Reputation.1

I hate that when that happens.

Contacted them.

 

COMODO already corrected the FP, but the others still flag it. I suppose it would take them less time, were you a big player.

 

They still haven't fixed the false positives. Heck, they had more than enough days, no?

Indeed, false positives are a plague, in many ways.

 

Also, I want to know if it runs on 64 bit Windows. Because RUBotted does not.

 

@Rivalen:
- Yes, it runs on a 64bit setup.
- Mirage Anti-Bot 1.0 is free to use.

@m00nbl00d:
Symantec fixed the false positive. Now only Panda remains.

 

Thanks.
Kingsoft also detected it. I reported that as FP.

 

If Panda do not fix you can PM pbust.

 

1. Where does it save its downloaded database? Because I can't find anything other than a exe file and a config.ini file.
2. There isn't any option to run it automatically with windows. I know how to start an exe automatically with windows but that option is indeed needed.
3. Add proxy authentication in connection panel.
4. How frequently does it check for updates?

 

Also add a quit warning when closing from tray.

 

@sg09:
1. It puts it's info directly in the hostfile. A database or signature file is therefore not needed.
2. This option will be available in version 1.1
3. This option will probably available in version 1.1
4. It checks for updates every ten minutes
5. Quit warning option will also be included in version 1.1

 

I would like to be able to choose how often it checks for updates.

Best Regards

 

So, it just uses the hosts file? Nothing against that, but why not enhance it to also block C&C IPs?

 

@fredvries: Thanks for replying. But I can see only the following entry in the host file

 

@sg09:

We will fix this as soon as possible. Thanks for alerting us.