BoClean Doesn't detect this Trojan....

Hello,

Avast didn’t detect yesterday, today it does. I sent the sample…

Please look at this link and download the link, it is a Trojan…

http:/ 207.144.10.170/?785c21a5aa8088aea28ab

BoClean didn’t detect it as far as I can ascertain…

Thanks
Jim

Hi Straight Shooter,

Yes, Avast detects it as ‘Win32:Tibs-BDA [Trj]’. But BOClean won’t detect it before you try to open it (and since I got no virtualization program I won’t try to open it). You can download mIRC, but if you try to run it BOClean will warn you. So BOClean will only detect it if you try to open it. Also, as it might be new, as Avast started to detect it today, it might not be in BOClean database yet.

Ragwing

I submitted that variant about 2 days ago so CBO shouldn’t have any problems with it.
When you see these things (ecard exploit spam) a quick lookup of the network hosting them and an abuse report does wonders to get them pulled before the unsuspecting get hit.
I’ve reported this one and am breaking your link so someone doesn’t hit it and get infected.
A little OT but can anyone enlighten me how the malware is finding its way onto the hosts?

Thank you for breaking the link. I sincerely don’t want to see anyone get infected.

I took this “ecard” and dropped it in BoClean, (single file scan) and it didn’t detect it…

Thanks
Jim

Does anyone in their right mind open ecards! :o
No offence Straight Shooter. :slight_smile:

Mike.

To my knowledge BOClean’s “hidden” scanner hasn’t been updated since Comodo’s acquisition.
It was never meant to be used for white listing files, it was a simple redundancy check for submitters.

Every chance I get. ;D

Ecards is a trojan; isn’t BoClean supposed to detect trojans?

BOClean is real-time protection, like ~cat~ said, it wasn’t meant to include a scanner. So therefore it won’t be detected till before you open it.

That is correct, CBO detects trojans when they attempt to become active.

I thought if you drop a file on the BOClean menu BoClean will “scan” it for you…

Yes it does, but ~cat~ also said:

Which means it can’t detect the trojan you got thru scanning.
It CAN scan, but it’s not meant to scan for trojans, it’s meant to prevent them from running when you execute the file.

Ragwing

Are you the same “Straight Shooter” that posts at BBR?

Yes I am…are you a fan? LOL… (:KWL)

To Ragwing, Okay… I see what is being said now… However, I was too “nervous” understandably to open up the trojan and put BoClean to THAT test…

At least someone (hopefully) has the sample…

Jim

As far as I know, none of the anti-trojan programs detect those “ecard” files… I have submitted them to emsisoft (a-squared), sunbelt (counterspy), misec (trojanhunter), comodo (BOClean), but when I scan the files at “virustotal” or at “virusscan.jotti”, or with the TH program, the BOC program, or with the a-squared program (I don’t have “counterspy” installed), none of them flag the files…