Author Topic: weakness of the gpCode  (Read 107022 times)

Offline harsha_mic

  • Computer Security Testing Group
  • Comodo Loves me
  • Posts: 155
Re: weakness of the gpCode
« Reply #15 on: December 08, 2010, 05:01:25 AM »
Any info/update on this from the devs regarding D+ handling?

Thanks,
Harsha.
W7 64 bit | Comodo Fw v5.8 | Eset NOD32 AV v5 | Hitman (ondemand)

Offline SS26

  • Comodo's Hero
  • Posts: 1925
Re: weakness of the gpCode
« Reply #16 on: December 09, 2010, 02:06:08 PM »
Defense+ should prevent that if docs are added to "protected files/folders" under D+ settings, e.g. "C:\Documents and Settings\User\My documents*"

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • Posts: 3082
    • Suspicious file?
Re: weakness of the gpCode
« Reply #17 on: December 09, 2010, 02:22:44 PM »
Yep but who adds all movies, pics and other files to that section?  >:-D

Offline SS26

  • Comodo's Hero
  • Posts: 1925
Re: weakness of the gpCode
« Reply #18 on: December 09, 2010, 02:28:33 PM »
> Yep but who adds all movies, pics and other files to that section?  >:-D
Me, so what?

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • Posts: 3082
    • Suspicious file?
Re: weakness of the gpCode
« Reply #19 on: December 09, 2010, 02:41:54 PM »
That's great, but 99% of users don't :)

Offline SS26

  • Comodo's Hero
  • Posts: 1925
Re: weakness of the gpCode
« Reply #20 on: December 09, 2010, 02:44:22 PM »
> That's great, but 99% of users don't :)
Probably, but that doesn't mean Defense+ can't prevent disaster (encoding of docs by a virus), like you said:

> D+ & sandbox can't prevent this ;).

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • Posts: 3082
    • Suspicious file?
Re: weakness of the gpCode
« Reply #21 on: December 09, 2010, 03:03:31 PM »
Yes, but in 'normal terms' it can't.
Only when you add all your system files.
You can also disconnect from the Internet :)

Offline harsha_mic

  • Computer Security Testing Group
  • Comodo Loves me
  • Posts: 155
Re: weakness of the gpCode
« Reply #22 on: December 10, 2010, 12:19:05 AM »
If the unknown sample has been identified as suspicious and sandboxed automatically, then in this particular scenario it should block that sample from getting the directory/file list and from write access to the disk, irrespective of what level it is sandboxed at. This way I believe we can get protection against unknown file infectors by design....
W7 64 bit | Comodo Fw v5.8 | Eset NOD32 AV v5 | Hitman (ondemand)
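
Added example (not Comodo's code and not from anyone in this thread): a small Python model of two ideas raised above, SS26's protected files/folders rule with a trailing "*" and harsha_mic's proposal that a sandboxed or unknown process be denied directory listing and write access under protected paths whatever its sandbox level. The rule syntax, the trust labels, the event format and the sample events are all constructed assumptions; the last function adds a simple count of denied modifications per process, which is the mass-rewrite pattern a file-encrypting sample like gpCode would produce.

```python
"""Toy model of Defense+-style protected files/folders plus the sandbox
policy proposed above.  Added illustration, not Comodo's code.  The rule
syntax (trailing '*' covers everything under the folder), the trust labels
and the event records are all constructed assumptions."""
import fnmatch
import ntpath

# Constructed rules in the style quoted in the thread (assumed syntax).
PROTECTED = [
    r"C:\Documents and Settings\User\My Documents*",
    r"C:\Users\*\Pictures*",
]

# Operations an unknown/sandboxed process loses under protected paths:
# enumeration plus every kind of modification.  Reads stay allowed.
BLOCKED_OPS = {"list", "write", "create", "rename", "delete"}


def _norm(path: str) -> str:
    """Canonical Windows form: '/' -> '\\', '..' collapsed, lower-cased."""
    return ntpath.normcase(ntpath.normpath(path))


def is_protected(path: str) -> bool:
    """True if the path falls under any protected-folder rule."""
    p = _norm(path)
    return any(fnmatch.fnmatchcase(p, _norm(rule)) for rule in PROTECTED)


def decide(event: dict) -> str:
    """'allow' or 'deny' for one file-system event.

    event = {"pid": int, "trust": "trusted"|"unknown"|"sandboxed",
             "op": str, "path": str}
    Trusted processes are never restricted; anything else is denied the
    blocked operations on protected paths regardless of sandbox level.
    """
    if event["trust"] == "trusted":
        return "allow"
    if event["op"] in BLOCKED_OPS and is_protected(event["path"]):
        return "deny"
    return "allow"


def flag_encryptors(events, min_files: int = 3):
    """PIDs whose denied modifications hit >= min_files distinct protected
    files: the mass-rewrite pattern a file-encrypting sample produces."""
    touched = {}
    for ev in events:
        if ev["op"] != "list" and decide(ev) == "deny":
            touched.setdefault(ev["pid"], set()).add(_norm(ev["path"]))
    return sorted(pid for pid, f in touched.items() if len(f) >= min_files)


# Constructed sample events; pid 4242 behaves like a file-encrypting sample.
EVENTS = [
    {"pid": 1000, "trust": "trusted", "op": "write",
     "path": r"C:\Documents and Settings\User\My Documents\report.doc"},
    {"pid": 4242, "trust": "sandboxed", "op": "list",
     "path": r"C:\Documents and Settings\User\My Documents"},
    {"pid": 4242, "trust": "sandboxed", "op": "write",
     "path": r"C:\Documents and Settings\User\My Documents\report.doc"},
    {"pid": 4242, "trust": "sandboxed", "op": "write",
     "path": "C:/Documents and Settings/User/My Documents/budget.xls"},
    {"pid": 4242, "trust": "sandboxed", "op": "rename",
     "path": r"C:\USERS\Bob\Pictures\holiday.jpg"},
    {"pid": 4242, "trust": "sandboxed", "op": "write",
     "path": r"C:\Program Files\Sample\tmp.dat"},
    {"pid": 5151, "trust": "unknown", "op": "read",
     "path": r"C:\Documents and Settings\User\My Documents\report.doc"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(f'{ev["pid"]:>5} {ev["trust"]:<9} {ev["op"]:<6} '
              f'{decide(ev):<5} {ev["path"]}')
    print("flagged:", flag_encryptors(EVENTS))
```

Paths are normalised before matching (case folded, forward slashes converted, ".." collapsed) because a rule written for "My documents" must still catch a process that opens "my DOCUMENTS" or uses forward slashes; a matcher that compares raw strings is trivially bypassed. Reads are left alone so that the sandboxed process can still open its own input, which is the trade-off harsha_mic's proposal implies.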

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • Posts: 11951
Re: weakness of the gpCode
« Reply #23 on: December 10, 2010, 01:43:40 PM »
If I understand correctly it uses the built-in Windows encryption to encrypt users' files.

Isn't a possible solution for CIS to detect the source of the request, just like they added in V5 for scripts? Is there a reason this wouldn't work?

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • Posts: 1579
Re: weakness of the gpCode
« Reply #24 on: December 10, 2010, 06:21:03 PM »
> how can I protect myself against this then?

The simplest way to mitigate this type of malware is to employ a disk imaging strategy.
You can also utilize full sandboxing (SandboxIE) for web-facing applications to contain any such threats.

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: weakness of the gpCode
« Reply #25 on: December 10, 2010, 06:23:37 PM »
thanks! :)
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • Posts: 1579
Re: weakness of the gpCode
« Reply #26 on: December 10, 2010, 06:37:03 PM »
You're welcome  ;)

Actually I'm surprised that this form of ransomware hasn't become far more prevalent given its potential yield.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • Posts: 11951
Re: weakness of the gpCode
« Reply #27 on: December 10, 2010, 06:40:31 PM »
> The simplest way to mitigate this type of malware is to employ a disk imaging strategy.
> You can also utilize full sandboxing (SandboxIE) for web-facing applications to contain any such threats.
But CIS should still be able to stop it with default configuration.

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • Posts: 3981
Re: weakness of the gpCode
« Reply #28 on: December 10, 2010, 06:40:53 PM »
Someone send me a copy, I want to test it out.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • Posts: 1579
Re: weakness of the gpCode
« Reply #29 on: December 10, 2010, 06:44:49 PM »
> But CIS should still be able to stop it with default configuration.

Yes it should, but since nothing is perfect, system imaging should be a part of any threat protection strategy.
