Author Topic: Comodo bypassed  (Read 3918 times)

Offline SD Ahmad

  • Comodo's Hero
  • *****
  • Posts: 812
    • http://orient-news.net/en
Comodo bypassed
« on: June 23, 2018, 01:05:27 AM »
Hi all

I found a topic that talks about hacking Comodo by the URL-HTA

http://forum.zyzoom.net/threads/308621/
« Last Edit: June 23, 2018, 01:08:48 AM by SD Ahmad »

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 536
Re: Comodo bypassed
« Reply #1 on: June 23, 2018, 03:44:59 AM »
This site contains malware, blocked by my protection program - just seen - it seems it's ransomware
« Last Edit: June 23, 2018, 04:04:59 AM by prodex »

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: Comodo bypassed
« Reply #2 on: June 23, 2018, 04:02:19 AM »
Here is a youtube video: https://youtu.be/vC-2GARcrV4

Offline SD Ahmad

  • Comodo's Hero
  • *****
  • Posts: 812
    • http://orient-news.net/en
Re: Comodo bypassed
« Reply #3 on: June 23, 2018, 04:09:43 AM »
This site contains malware, blocked by my protection program - just seen - it seems it's ransomware
It is clean
https://www.virustotal.com/ar/url/2d2320aa336227ace34e38589c48525b2bce91d7f5893690192ad54dc5160421/analysis/1529741307/

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2794
  • Security Saskquatch
Re: Comodo bypassed
« Reply #4 on: June 23, 2018, 04:35:13 AM »
Hmm, looking at the video I only saw two items that weren't in my default setup. Those being the Firewall Application default rule for Windows Updater App and the default rule to Ignore Metro Apps.

I did see that the files were manually removed from the Blocked Applications and File List after each run. Was virus still evident after reboot or manually resetting the container?

I'm no expert though, just my observation from watching it.

Eric

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline SD Ahmad

  • Comodo's Hero
  • *****
  • Posts: 812
    • http://orient-news.net/en
Re: Comodo bypassed
« Reply #5 on: June 23, 2018, 08:59:21 AM »
Hmm, looking at the video I only saw two items that weren't in my default setup. Those being the Firewall Application default rule for Windows Updater App and the default rule to Ignore Metro Apps.

I did see that the files were manually removed from the Blocked Applications and File List after each run. Was virus still evident after reboot or manually resetting the container?

I'm no expert though, just my observation from watching it.

Eric
If you try to create an empty file with the same extension and then open it with a browser, the file will not be placed in the container

Offline black007

  • Newbie
  • *
  • Posts: 1
Re: Comodo bypassed
« Reply #6 on: June 23, 2018, 10:37:03 AM »
Hi all

I am the owner of this video.

About this comment:

Hmm, looking at the video I only saw two items that weren't in my default setup. Those being the Firewall Application default rule for Windows Updater App and the default rule to Ignore Metro Apps.

I did see that the files were manually removed from the Blocked Applications and File List after each run. Was virus still evident after reboot or manually resetting the container?

I'm no expert though, just my observation from watching it.

Eric

All settings are on the default settings by the company.

About manually removing Blocked Applications: this was just to make sure the final file (bypass.hta) is not blocked by containment.

About the virus still being evident after reboot or manually resetting the container: there is no installation by the file after reboot or manually resetting the container. I did it just for testing only.

Anything you ask for, I will reply to. I want to send the file to the company. Give me the link to submit the file for analysis.

Best of luck

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26532
Re: Comodo bypassed
« Reply #7 on: June 23, 2018, 11:36:34 AM »
You can send the file following the instructions in Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!).

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: Comodo bypassed
« Reply #8 on: June 23, 2018, 02:36:10 PM »
IMO It's best to contact Umesh directly - please send him a PM with a link to the malware and this topic.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 667
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Comodo bypassed
« Reply #9 on: June 23, 2018, 09:38:00 PM »
This site contains malware, blocked by my protection program - just seen - it seems it's ransomware

I can partially agree with what "Prodex" says. The site "h**p://forum.zyzoom.net" contains some references to blacklisted domains and blacklisted links. That is why it is blocked by some applications.

But there are no immediate risks on this site!

Nevertheless, an interesting report! :-TU Thank you to "SD Ahmad"!!!

References to Blacklisted Domains:

Detected reference to malicious blacklisted domain >>> /threads/307678/# > "winaso.com" > Page/File MD5: AAAC4517A897D0486BCCE65007A17ADC

Detected reference to malicious blacklisted domain >>> /threads/307627/# > "up.ibda3gate.com" > Page/File MD5: C364D0FA04208126762A8BE76458007C

Detected reference to malicious blacklisted domain >>> /forums/-/index.rss > "up.ibda3gate.com" > Page/File MD5: 043E36C0549D5549A452F729A5621661
« Last Edit: June 23, 2018, 10:08:20 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 599
  • Paranoid B#st#rd - CIA
Re: Comodo bypassed
« Reply #10 on: June 28, 2018, 02:21:27 AM »
Was this not achieved because the file was placed onto the system by the VM (which would have been comparable to writing the file to disk using a different OS), and therefore did not meet any of the default Containment Conditions, in particular the 'File Created by Process(es)' condition?
« Last Edit: June 28, 2018, 06:05:54 PM by ReeceN »
