KillMBR malware - anyone tried/ tested it?

Discussion in 'malware problems & news' started by aigle, Jul 6, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Anyone interested or tried it before? I would love to have some snapshots.

    GesWall
    CFP Defence Plus
    DefenseWall
    ThreatFire
    EQS

    Thanks
     
  2. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello aigle,

    I tested such a malware sample a few weeks ago against DefenseWall (DW). Fortunately, DW was successfully able to block and contain it. As for snapshots, unfortunately, I am only interested in testing malware and observing their actions.


    Peace & Gratitude,

    CogitoErgoSum
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sorry, such a sample means what exactly?
    Me too, but snapshots are a way of observation for a person who is not testing himself.
     
  4. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello aigle,

    To clarify, I just wanted to say that I tested an actual KillMBR sample.


    Peace & Gratitude,

    CogitoErgoSum
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That's clear now.

    Thanks
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  7. controler

    controler Guest

    I don't know if I would trust VT or Jotti for scans.

    If I remember right, this is why EP looked for other scanning sites. The malware writers used to scan at VT when there was an option to NOT send the data to all AV makers. This way they could see if it was being flagged or even suspicious. Now I think they use other scan sites. EP's last POC was never detected by AVs or HIPS if I remember right.



    PLUS wasn't it Rustock C that was not flagged for over a year?
     
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Aigle I have samples too.
    BTW SBIE blocks it.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. Good news.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can anyone test with GesWall and TF?

    Thanks
     
  12. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello aigle,

    I also tested KillMBR against Primary Response Safeconnect (PRSC). Unfortunately, PRSC does not detect it.


    Peace & Gratitude,

    CogitoErgoSum
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks for the info. Seems they have not added such filters yet. Not sure about TF.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Anyone willing to test with GW n TF?

    Thanks
     