Author Topic: Flame detect  (Read 10606 times)

Offline Cobaltblue

  • Newbie
  • *
  • Posts: 4
Flame detect
« on: June 01, 2012, 11:26:13 PM »
Can CIMA detect flame ?

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5535
Re: Flame detect
« Reply #1 on: June 02, 2012, 02:01:46 AM »
it might help to say what "flame" is
| Win 10 Pro (x64) | UAC Disabled | CFW | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23808
Re: Flame detect
« Reply #2 on: June 02, 2012, 12:56:09 PM »
It's a big virus whose target is to collect lots of information from organisations: http://www.wired.com/threatlevel/2012/05/flame/all/1 .

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2083
Re: Flame detect
« Reply #3 on: June 02, 2012, 11:25:18 PM »
Yes, comodo already has the sample for it and it will flag it.   :) 
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2194
Re: Flame detect
« Reply #4 on: June 03, 2012, 12:30:52 AM »
Quote
Yes, comodo already has the sample for it and it will flag it.   :)
Hi, jay2007tech

Are you so sure? ;)

And even if you are - we need more details
This is a malware that has an ability of being dynamically changed - it's "already there", remember that?

... saying no more ... at the moment

My main question is to OP

Cobaltblue,

Why would you ask about CIMA? How can any or alike service help?
I'm sure you've read about this infection before asking.

So, what executables?; how many? & for how long? would you send to CIMA?
What would be a benefit of doing that?

And after all who cares (I mean the devs of that particular malware) what you personally have on your private PC?
They have a specific goal to achieve, don't they? (Are you into in-home nuclear development?  :D)

So, at the moment if you were hit by this malware, which is most unlikely, please wait for their own cleaning/self-destroying utility - it will wipe it out completely, because they are not interested in any of your conversations, images, videos sent to your girlfriend/grandma/ etc.

Cheers!
Main OS - Ubuntu
XP Pro, SP3 (32bit), Admin; Comodo Firewall 3.14.130099.587; Proactive with Defense+; Emsisoft Anti-Malware v9; Sandboxie
Win 7 x64, Admin (UAC off); Win7 advanced FW +TinyWall; Emsisoft Anti-Malware v9; Sandboxie
Win 7 Ultimate 32bit (UAC off); Emsisoft Internet Security v9 beta

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2083
Re: Flame detect
« Reply #5 on: June 03, 2012, 12:57:11 AM »
Quote
Are you so sure?
Yes, I'm sure.  I have the malware (Yes, there's more than 1 file) and it flags it.  I gave languy a copy of what I have

Quote
This is a malware that has an ability of being dynamically changed

So can any malware, the only difference is it's got the media's attention.  You don't see "TDSS" or "poison ivy"  making the local news

Quote
we need more details
Sure :)
http://arstechnica.com/security/2012/06/why-antivirus-companies-like-mine-failed-to-catch-flame-and-stuxnet/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
« Last Edit: June 03, 2012, 01:04:34 AM by jay2007tech »

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2194
Re: Flame detect
« Reply #6 on: June 03, 2012, 01:36:16 AM »
Quote
Yes, I'm sure.
Nahh! You are not!  ;)

Quote
I have the malware (Yes, there's more than 1 file) and it flags it.  I gave languy a copy of what I have
You may have "it", but what is that silly lil part of "it" that can be recognized, when you have many files?
Then by "dynamically changed" I did not mean poly- or iso-morphic changes (which could be a part of a technique... but just "as well"), please read again

Quote
So can any malware
Not true, because, as above - that is a completely different technique in this case

Quote
the only difference is it's got the media's attention
hmmm  88) I'm quite aware, but again we are talking about different things, as far as I can see

Quote
You don't see "TDSS" or "poison ivy" making the local news
Sure :)
I do see a lot, do not be sarcastic, where it is not necessary... again... we are talking about absolutely different things

As for the link provided by you:

Sorry man, you contradicted yourself by posting the above

Quote
Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.
Finally , after all & again re: the initial request -  how CIMA can help?  You are talking about CIS, aren't you?

At the moment I do not see it being capable either of identifying (unless very partially)
or of completely cleaning the stuff we are talking about

Cheers!
« Last Edit: June 03, 2012, 06:01:17 PM by SiberLynx »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2083
Re: Flame detect
« Reply #7 on: June 03, 2012, 02:12:03 AM »
Quote
but what is that silly lil part of "it" that can be recognized, when you have many files?
If you're asking me which ones get flagged based on what I have, then comodo and emsisoft recognized the same ones.  Could there be ones out there that are not recognized? <-- of course
