Author Topic: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)  (Read 7228 times)

Offline malware1

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 3266
Previous Thread

Comodo is constantly improving its whitelist. This makes CIS more user friendly but does, in some circumstances, have some downsides. Some malware may sometimes be trusted because it is signed by a trusted certificate or perhaps the vendor was trustworthy, but then changed their ways. This is rare, but it does happen.

Regardless of how it happens it's important to take action against this. If you find malware that is whitelisted, but seems suspicious, please report it here. The name of the trusted vendor, or any other information, is also useful.

Upload these files to one of the following services and post a link to the results:

Comodo Instant Malware Analysis
or Comodo Valkyrie
or VirusTotal


DO NOT attach or link any malware or malicious links to your post.

When coming across malware signed by Comodo, please follow the steps as described in How to report fraudulent or malicious use of certificates issued by Comodo:
Quote
Code Signing Certificates

If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to:

signedmalwarealert[at]comodo.com

Helpful details include:
  • link to the signed malware
  • screenshots of the certificate details showing the signer organization or certificate serial number or other details which will help us identify the certificate
  • a copy of the actual certificate if possible
This article also describes how to report fraudulent and phishing emails using Comodo SSL/TLS certificates (but this is not pertinent for this topic).
« Last Edit: November 24, 2015, 12:31:09 PM by EricJH »

Offline Netguy101

  • Comodo's Hero
  • *****
  • Posts: 1479

Offline Navya

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 222
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #2 on: February 18, 2015, 08:03:50 AM »
Hi Netguy101,

Thank you for reporting, we'll check it.

Regards,
Navya

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #3 on: March 10, 2015, 11:43:34 AM »
Please remove the vendor "Elex do Brasil Participações Ltda" from TVL - They are the vendors of YAC, a software that is stealing Malwarebytes database and engine. They are scammers and should not be trusted.

More information: https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/

Offline Siketa

  • Comodo's Hero
  • *****
  • Posts: 5066
  • ZIG ZAG
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #4 on: March 10, 2015, 01:55:40 PM »
Have they removed IOBit?

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #5 on: March 10, 2015, 02:24:31 PM »
Quote
Have they removed IOBit?

!ot! You have to admit that YAC looks very suspicious. When installed it can literally destroy an Operating System. IOBit, on the other hand, at least produces good and usable software. But YAC is a ROGUE software and that is the truth. They are fraudsters trying to make money and should be removed from TVL ASAP.

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #6 on: March 10, 2015, 03:05:38 PM »
Quote
Please remove the vendor "Elex do Brasil Participações Ltda" from TVL - They are the vendors of YAC, a software that is stealing Malwarebytes database and engine. They are scammers and should not be trusted.

More information: https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/

Hello devilbat66,

Thank you for reporting this, we'll check it.

Best regards,
FlorinG
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #7 on: April 16, 2015, 04:22:01 PM »
Please remove from TVL the following vendors:

Small Business Advertising Agency

The Better Advertising Project

AD ON Multimedia Advertising GmbH

Shenyang Zhaoheshengshi Advertising Co., LTD

Conduits Technologies, Inc.

Question: Why are "Advertising companies" on Trusted Vendors List? In 99% of cases, these "Advertising companies" are Adware/PUP/Spyware distributors.
« Last Edit: April 16, 2015, 04:28:09 PM by devilbat66 »

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #8 on: April 18, 2015, 02:56:42 PM »
Please check the following vendors for possible removal:

ONYX Advertus d. o. o.

eMusic.com Inc.

Reimage Limited

more information on Reimage Limited: http://www.herdprotect.com/signer-reimage-limited-3f75b6fa72b8cde336a61550c70978d2.aspx (they are distributing PUPs)
« Last Edit: April 18, 2015, 03:08:04 PM by devilbat66 »

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #9 on: April 18, 2015, 06:47:44 PM »
Hi, devilbat66

Thank you for your submission.
We'll check these.

Best regards
Chunli.chen

Offline Netguy101

  • Comodo's Hero
  • *****
  • Posts: 1479
« Last Edit: April 19, 2015, 07:28:11 PM by Netguy101 »

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #11 on: April 19, 2015, 08:06:17 PM »
Hi, Netguy101

Thank you for your submission.
We'll check these.

Best regards
Chunli.chen

Offline malware1

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 3266
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #12 on: April 20, 2015, 11:37:19 AM »
c0e28878041f7708bc82dd28153719e88a91c1ba

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #13 on: April 20, 2015, 03:00:02 PM »
Hello malware1,

Thank you for reporting this, we'll check it.

Best regards,
FlorinG

Offline Wisdom

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1050
  • Default-Deny Protection
    • CFI
Re: Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)
« Reply #14 on: April 24, 2015, 03:09:49 PM »
MD5: 248a6e10030e47321d7e3dec8fad1f02
SHA1:  845375153ef1c20a95f57281bca4784f65f4191a

https://www.virustotal.com/en/file/cdbb76fc1f4495942f5d9db90a79f58992facf1a0ad14bab6c4c6577fb34fcf7/analysis/1429902382/
Heuristics: detecting tomorrow’s threats today

 
