Author Topic: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)  (Read 22112 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25106

Comodo is constantly improving its whitelist. This makes CIS more user friendly but does, in some circumstances, have some downsides. Some malware may sometimes be trusted because it is signed by a trusted certificate or perhaps the vendor was trustworthy, but then changed their ways. This is rare, but it does happen.

Regardless of how it happens, it's important to take action against this. If you find malware that is whitelisted but seems suspicious, please report it here. The name of the trusted vendor, or any other information, is also useful.

Upload these files to one of the following services and post a link to the results:

  • Comodo Instant Malware Analysis
  • Comodo Valkyrie
  • VirusTotal


DO NOT attach or link any malware or malicious links to your post.

When you come across malware signed by Comodo, please follow the steps described in How to report fraudulent or malicious use of certificates issued by Comodo:
Quote
Code Signing Certificates

If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to:

signedmalwarealert[at]comodo.com

Helpful details include:
  • a link to the signed malware
  • screenshots of the certificate details showing the signer organization, certificate serial number, or other details which will help us identify the certificate
  • a copy of the actual certificate, if possible
This article also describes how to report fraudulent and phishing emails using Comodo SSL/TLS certificates (but this is not pertinent for this topic).

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 556
  • I like CIS, Kali Linux, IDA Pro & FL Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #1 on: January 01, 2017, 01:06:40 AM »
Trojan.Generic

Important information: this malicious file was signed with a VALID certificate from Comodo!!!

https://valkyrie.comodo.com/get_info?sha1=cb6766e38986ec1f0b7b00c6e572a89a2401b219

Some suspicious indicators: anti-VM present (checks the BIOS version and queries information about disks), multiple malicious artifacts seen in the context of different hosts, opens the Kernel Security Device Driver (KsecDD) of Windows, collects information to fingerprint the system.

« Last Edit: January 01, 2017, 01:12:04 AM by pio »
*** Paranoid Bastard since CIS 3.5! Independent, non-profit malware analyst ***

Offline pavithran

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 97
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #2 on: January 01, 2017, 01:34:22 AM »
Hi pio,

Thank you for your submission.
We'll check them and, if found to be malware, detection will be added.

Regards,
Pavithran G


Offline meldan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 3240
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #4 on: January 01, 2017, 12:58:12 PM »
Hi,

Thank you for your submission.
We'll check them.

Kind Regards,
Erik M.


Offline pavithran

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 97
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #6 on: January 02, 2017, 02:39:56 AM »
Hi a77841s,

Thank you for your submission.
We'll check them and, if found to be malware, detection will be added.

Regards,
Pavithran G


Offline pavithran

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 97
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #8 on: January 02, 2017, 03:47:07 AM »
Hi a77841s,

Thank you for your submission.
We'll check them and, if found to be malware, detection will be added.

Regards,
Pavithran G


Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1073
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #9 on: January 13, 2017, 03:58:17 AM »
Why has the SpyShelter keylogger test tool been whitelisted?
Then it makes no sense to use it for testing... it's like whitelisting the EICAR test file...

https://www.spyshelter.com/download/AntiTest.zip

https://www.virustotal.com/it/file/fd17116c744e8bc8a3c36865877fb659e8660b0711a6f6883fb0270522bbe364/analysis/
« Last Edit: January 13, 2017, 04:03:35 AM by Jon79 »

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3547
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #10 on: January 13, 2017, 07:31:57 AM »
Hello Jon79,

The sample you have provided is not whitelisted.

Best regards,
FlorinG
If possible, please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure you have first submitted the samples through CIS or CIMA.
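FlorinG's request above (a SHA1 list rather than individual links) and the opening post's request for a link to the analysis result can both be produced by one small script. The following is an added example written for this thread; it is not Comodo's code, not HashMyFiles, and not code posted by any participant. It walks a folder of samples, hashes each file in chunks, prints a "sha1<TAB>relative path" list, and builds lookup links in the formats that appear in this thread's URLs. Assumptions: the Valkyrie link format `get_info?sha1=` is taken from pio's post; the VirusTotal link is modelled on Jon79's post with the `/it/` locale segment dropped (assumed to be accepted without a locale); the two sample files in `demo()` are constructed, harmless text.

```python
"""Build a hash list for a malware-submission post.

Added example (not code from the thread or from Comodo): walks a directory,
hashes every regular file in chunks (so large samples do not have to fit in
memory), emits "sha1<TAB>filename" lines as a tool such as HashMyFiles would
export, and builds lookup links in the formats seen in this thread.
"""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # 1 MiB read size; keeps memory flat for large samples

# Link formats copied from the URLs posted in this thread. The VirusTotal form
# omits the "/it/" locale segment of Jon79's link (assumption: the locale-less
# path is accepted).
VALKYRIE_URL = "https://valkyrie.comodo.com/get_info?sha1={sha1}"
VIRUSTOTAL_URL = "https://www.virustotal.com/file/{sha256}/analysis/"


def hash_file(path):
    """Return (sha1, sha256) hex digests of one file, read in chunks."""
    h1 = hashlib.sha1()
    h256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h1.update(block)
            h256.update(block)
    return h1.hexdigest(), h256.hexdigest()


def hash_tree(root):
    """Hash every regular file under root (recursively). Symlinks are skipped
    so a link pointing outside the sample folder is never followed."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            sha1, sha256 = hash_file(p)
            results.append((str(p.relative_to(root)), sha1, sha256))
    return results


def sha1_list(entries):
    """One 'sha1<TAB>relative path' line per file: the list form asked for."""
    return "\n".join(f"{sha1}\t{rel}" for rel, sha1, _ in entries)


def lookup_links(entries):
    """(relative path, Valkyrie link, VirusTotal link) for each hashed file."""
    return [
        (rel, VALKYRIE_URL.format(sha1=sha1), VIRUSTOTAL_URL.format(sha256=sha256))
        for rel, sha1, sha256 in entries
    ]


def demo():
    """Constructed sample: two harmless text files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "sample_a.txt").write_bytes(b"abc")
        sub = Path(tmp) / "sub"
        sub.mkdir()
        (sub / "sample_b.txt").write_bytes(b"hello world\n")
        entries = hash_tree(tmp)
        print(sha1_list(entries))
        for rel, valk, vt in lookup_links(entries):
            print(rel, valk, vt, sep="\n  ")
        return entries


if __name__ == "__main__":
    demo()
```

Point the script at the folder you already submitted through CIS or CIMA, paste the printed list into your post, and add the links for any file you want staff to look at first; hashes identify the sample without attaching it, which is what this thread's "NO LIVE MALWARE" rule asks for.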

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1073
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #11 on: January 13, 2017, 08:02:15 AM »
I ran it on CFW 10.0.0.6086 and it wasn't auto-sandboxed; then I checked the rating and it was "trusted".

Offline ya.q1

  • Comodo Family Member
  • ***
  • Posts: 71
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #12 on: February 03, 2017, 05:17:58 PM »
e40306d8dc24f9987fb4f8e5a4372baa4d88c74c
b9f2414d2cd8473edc30e86c6d250cfff64cc58d
5f39d325a6ca052b98170087042ef189ce10f235
dc329869c0219b45e31b2561fced5a2e096fb137

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2098
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #13 on: February 03, 2017, 06:22:07 PM »
Hi ya.q1,

Thank you for your submission.
We'll check them and, if found to be malware, detection will be added.

Best regards,
Qiuhui.Wang

Offline Wisdom

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1050
  • Default-Deny Protection
    • CFI
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #14 on: February 06, 2017, 11:30:41 AM »
26e787997a338d8111d96c9a4c103cf8ff0201ce
Heuristics: detecting tomorrow’s threats today
