Author Topic: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?  (Read 9086 times)

Offline malwarekiller

  • Comodo Loves me
  • ****
  • Posts: 194
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #15 on: June 05, 2013, 07:41:48 AM »
Did anyone check if this bypasses the HIPS?

If you want a sample, PM me.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26183
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #16 on: June 05, 2013, 10:50:29 AM »
Did anyone check if this bypasses the HIPS?

If you want a sample, PM me.
Why are you not testing it yourself?

Offline malwarekiller

  • Comodo Loves me
  • ****
  • Posts: 194
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #17 on: June 05, 2013, 11:11:59 AM »
Why are you not testing it yourself?

Because I have messed up my VM... Moreover, I am using VBox, so the test may be a bit iffy.  :embarassed:

If anyone is interested, I will send them the sample for testing.

Offline nsm0220

  • Comodo Loves me
  • ****
  • Posts: 161
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #18 on: June 05, 2013, 02:46:18 PM »
Why are you not testing it yourself?

You made a good point there, EricJH.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26183
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #19 on: June 05, 2013, 02:59:28 PM »
Because I have messed up my VM... Moreover, I am using VBox, so the test may be a bit iffy.  :embarassed:

If anyone is interested, I will send them the sample for testing.
I get it, I was wondering why you would not run it in a vm.

You made a good point there, EricJH.
It's not a point to make. I was just curiously wondering why.

You're walking a thin line here. This is seen as part of your warfare with malwarekiller. You are trying to diminish his contribution with every opportunity you get. Stop the war or face consequences. You have been on our radar for quite a while now.

Don't reply to this in this topic.

Offline Flykite

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 516
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #20 on: June 05, 2013, 09:25:15 PM »
Did anyone check if this bypasses the HIPS?
If you want a sample, PM me.

Please send it to me (jackwang[at]comodo[.]com), and we will test it.

Thanks.
Best Regards.
« Last Edit: June 05, 2013, 09:27:18 PM by Flykite »

Offline malwarekiller

  • Comodo Loves me
  • ****
  • Posts: 194
Re: Avatar rootkit bypasses COMODO HIPS/Sandbox or not?
« Reply #21 on: June 06, 2013, 12:37:04 AM »
Please send it to me (jackwang[at]comodo[.]com), and we will test it.

Thanks.
Best Regards.

Thanks, I will do that right away... I have some more samples of different families that claim to bypass it; I will send those along to you too.

EDIT: Sent the mail with all samples... do tell me the result.
« Last Edit: June 06, 2013, 12:46:57 AM by malwarekiller »

 
