Author Topic: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)  (Read 10217 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25477
Previous Thread

Comodo is constantly improving its whitelist. This makes CIS more user friendly but does, in some circumstances, have some downsides. Some malware may sometimes be trusted because it is signed by a trusted certificate or perhaps the vendor was trustworthy, but then changed their ways. This is rare, but it does happen.

Regardless of how it happens it's important to take action against this. If you find malware that is whitelisted, but seems suspicious, please report it here. The name of the trusted vendor, or any other information, is also useful.

Upload these files to one of the following services and post a link to the results:

Comodo Instant Malware Analysis
or Comodo Valkyrie
or VirusTotal


DO NOT attach or link any malware or malicious links to your post.

When coming across a malware signed by Comodo please follow the steps as described in How to report fraudulent or malicious use of certificates issued by Comodo:
Quote
Code Signing Certificates

If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to:

signedmalwarealert[at]comodo.com

Helpful details include:
link to the signed malware
screenshots of the certificate details showing the signer organization or certificate serial number or other details which will help us identify the certificate
a copy of the actual certificate if possible
This article also describes how to report fraudulent and phishing emails using Comodo SSL/TLS certificates (but this is not pertinent for this topic).

Offline meldan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 3243
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #1 on: January 01, 2016, 03:55:55 PM »
Hi,

Thank you for your submission. We'll check this.

Kind Regards,
Erik M.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline HariKrishnan

  • First Response Group
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #3 on: January 12, 2016, 06:36:34 AM »
Hi yigido,

Thank you for reporting, we'll check it.

Regards,
harikrishnan M

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5718
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2099
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #5 on: January 13, 2016, 10:00:09 PM »
Hi wasgij6,

Thank you for your submission.
We'll check them and if found to be malware detection will be added.

Best regards
Qiuhui.Wang

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3555
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #7 on: January 15, 2016, 12:44:40 PM »
Hello yigido,

Thank you for reporting this, we'll check it.

Best regards,
FlorinG
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.


Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3555
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #9 on: January 19, 2016, 07:37:23 AM »
Hello zOn3k,

Thank you for reporting this, we'll check it.

Best regards,
FlorinG
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.


Offline zOn3k

  • Comodo Family Member
  • ***
  • Posts: 51
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #11 on: January 19, 2016, 07:55:33 AM »
It's already detected from what you've posted.  :-\

Hello and thanks for your reply...
Look at this screenshots please...

[attachment deleted by admin]

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3555
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #12 on: January 19, 2016, 08:41:21 AM »
Hello zOn3k,

Maybe you have added this sample to your Trusted files, please check on your side.

Best regards,
FlorinG
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.

Offline zOn3k

  • Comodo Family Member
  • ***
  • Posts: 51
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #13 on: January 19, 2016, 08:52:30 AM »
Hello zOn3k,

Maybe you have added this sample to your Trusted files, please check on your side.

Best regards,
FlorinG

Hello FlorinG...
No i don't have it to my trusted files...

[attachment deleted by admin]

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5718
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek