Author Topic: exploit in COMODO Internet Security  (Read 8398 times)

Offline furthers

  • Newbie
  • *
  • Posts: 9
exploit in COMODO Internet Security
« on: October 12, 2013, 02:07:13 PM »
Hello everybody ..


I discovered a big exploit in Comodo and bypassed it.. ex: run any malware or trojan without being detected..

Who should know about it? And is there a reward?



------------------------

skype link removed

Written by Jay2007tech
Quote
Statement by me is reversed

Youtube video is back
https://www.youtube.com/watch?v=5E7VFvaq7gM
« Last Edit: October 31, 2013, 06:30:47 PM by jay2007tech »

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: exploit in COMODO Internet Security
« Reply #1 on: October 12, 2013, 02:09:54 PM »
Please PM me a description of the exploit, and any relevant files, and I will pass these on to Comodo. Note that to do this you should upload any relevant files to a file sharing site, as it's not possible to attach files to a PM.

By the way, I am not an employee of Comodo. I am a volunteer Moderator, but I can forward these to the developers.

Thank you.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
Re: exploit in COMODO Internet Security
« Reply #2 on: October 12, 2013, 03:22:12 PM »
Quote
and is there a reward ?
The "reward" is to help all COMODO community to keep them protected. ;)

COMODO gives a superior product FOR FREE, while other PAID products are not as good as they say they are.
It's all about win/win. COMODO provides for free to any users, and we collaborate for free to COMODO when we find bugs, exploits, etc. This makes the product stronger and we are also helping to protect OURSELVES even better.

Good job by the way! :) :-TU

Offline developer X

  • Newbie
  • *
  • Posts: 1
Re: exploit in COMODO Internet Security
« Reply #3 on: October 14, 2013, 12:20:01 AM »
I want to sell it if u can..
How much u want? Please accept me, my skype is like my name
Best regards

I unbolded your text. Eric
« Last Edit: October 14, 2013, 08:41:43 AM by EricJH »

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26181
Re: exploit in COMODO Internet Security
« Reply #4 on: October 14, 2013, 08:43:26 AM »
This is Comodo's point of view as per the head developer:
OK, let's see what this issue is about.

However in the future, the ethical way to follow would be reporting the vulnerability to us in private, let us fix the issue and issue the update before you disclose the vulnerability.

This way we will be able to protect the customers before they are exploited. And in the updates, we will officially thank and credit you.

This is an *unwritten rule* in the security industry and it's the best path to follow. You can PM me on these any time.

Thanks,
Egemen


Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: exploit in COMODO Internet Security
« Reply #5 on: October 19, 2013, 04:04:37 AM »
If you want Comodo to consider buying your exploit, they're going to want a detailed description, especially since most of the people that claim "big exploit" are not really a big exploit and in some cases they're fake. Using the search feature in the Comodo forums will show you some of that.

One of the things they're going to want to know is what configurations you are referring to and which Windows it is (32 or 64x) (XP, Vista, 7, 8, 8.1)

Some examples: Will it only work under default only? Do you have to infect the computer first before installing Comodo? Can you make a video showing what you're talking about?

Will it work with proactive settings?
Will it work with HIPS set as "paranoid mode"?
Can it break out of the sandbox, if so how far (Partially Limited, Limited, Restricted, Untrusted and/or Fully Virtualized)?
You get the idea

P.S. Some ransomware can bypass the sandbox only "partially limited" but not limited. They are aware of this situation

Hope this helps you :)
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline furthers

  • Newbie
  • *
  • Posts: 9
Re: exploit in COMODO Internet Security
« Reply #6 on: October 24, 2013, 12:55:25 AM »
ok jay2007tech  .. u can see the show here  ;) ...

*********youtube link removed due to lack of proof***********

working on (32 or 64x) (XP, Vista, 7,8 8.1)

----------------------------------------------------------------------------
until now no one knows about it  ....

Best regards ...
« Last Edit: October 29, 2013, 02:28:24 AM by jay2007tech »

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: exploit in COMODO Internet Security
« Reply #7 on: October 24, 2013, 04:49:50 AM »
Thnx for the vid.

So this, at least in part, relies on your EXE being on the system first?

How does it go if you enable HIPS on a clean system and then try getting the EXE in the clean system's file system before executing it?

Cheers,
Ewen :-)
« Last Edit: October 24, 2013, 08:17:57 AM by panic »
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 6106
  • Left the forum... Thanks COMODO for everything.
Re: exploit in COMODO Internet Security
« Reply #8 on: October 24, 2013, 05:18:15 AM »
Please try enabling HIPS and change the sandbox setting to untrusted

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: exploit in COMODO Internet Security
« Reply #9 on: October 24, 2013, 06:15:39 AM »
Quote
Please try enabling HIPS and change the sandbox setting to untrusted
Yes, please test this with Untrusted. Also, please test it with the BB set to Fully Virtualized.

Thanks.

Offline Mrarnold.

  • Comodo's Hero
  • *****
  • Posts: 699
  • R.I.P.Jay "padre" miner.Thank You For The Amiga.
Re: exploit in COMODO Internet Security
« Reply #10 on: October 24, 2013, 02:58:13 PM »
Interesting video.
However why is the needs attention showing in the widget?

Another useless video sadly.
Comodo Internet Security Premium 6.3,302093.2976.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
Re: exploit in COMODO Internet Security
« Reply #11 on: October 25, 2013, 12:15:12 PM »
Quote
Interesting video.
However why is the needs attention showing in the widget?

Another useless video sadly.
+1 :-TU

We also don't know if the file has been whitelisted before. ;)

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: exploit in COMODO Internet Security
« Reply #12 on: October 26, 2013, 09:15:38 PM »
Quote
who should know about it ? and is there a reward ?
First, in the video it pauses around 1:14. Screen shows 2 block intrusions. Then in a blink they're gone. Would that be from DNS changes? <--- but that's the least of the issue
Why did you disable HIPS?? Comodo is geared more toward business security. Businesses use HIPS. As for customer software, most people have CIS in default settings. Why strip down the settings? Think of it from the other way around: most people leave their settings at default or they tweak it (tweak it, as in increase security). As for blocking online cloud analysis, I fully understand why blocking online cloud scanning :-La

The only thing I see is a RAT that's been recrypted, maybe new binder, whatever. That's just so it doesn't get flagged by an AV.

I'm all for you making money on this, but you haven't shown anything. If it's because it's a public forum, then you PM me your exploit; also you're going to need someone to vouch for you. I will vouch for you when you prove it. (There's no way you can possibly be considered for getting paid if your work can't be verified. It's just like the underground hacking scene.)

Also, if it comes down to you not going to prove it, I'm going to assume you're a ripper and this thread will get locked.
« Last Edit: October 26, 2013, 09:21:54 PM by jay2007tech »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: exploit in COMODO Internet Security
« Reply #13 on: October 29, 2013, 02:24:51 AM »
furthers,

You've been given plenty of time. Your thread is locked. PM a reason why it should be open. Either it's fake or you're a ripper.

Quote
Also, opening up multiple accounts here is very suspicious.
***************Thread Closed**************

Edited to add this,

Youtube video is back
https://www.youtube.com/watch?v=5E7VFvaq7gM
« Last Edit: October 31, 2013, 06:33:54 PM by jay2007tech »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: exploit in COMODO Internet Security
« Reply #14 on: October 31, 2013, 06:45:56 PM »
Thread reopened due to response back from author. If you haven't read the whole thing from the beginning, I put the YouTube video link back
https://www.youtube.com/watch?v=5E7VFvaq7gM

Furthers,
I would strongly recommend giving a PM to "Egemen" to discuss. I believe it would be licenses for CIS Complete and/or Trustconnect. I would PM Egemen as to what can actually be done though

Quote
OK, let's see what this issue is about.

However in the future, the ethical way to follow would be reporting the vulnerability to us in private, let us fix the issue and issue the update before you disclose the vulnerability.

This way we will be able to protect the customers before they are exploited. And in the updates, we will officially thank and credit you.

This is an *unwritten rule* in the security industry and it's the best path to follow. You can PM me on these any time.

Thanks,
Egemen
« Last Edit: October 31, 2013, 07:05:28 PM by jay2007tech »

 
