Hi all
I found a topic that talks about hacking Comodo by the URL-HTA
This site contains malware, blocked by my protection program - just seen - it seems it’s ransomware
Here is a YouTube video: Penetration test PayLoad Using URL HTA with Comodo Internet Security 10 - YouTube
It is clean
Hmm, looking at the video I only saw two items that weren’t in my default setup. Those being the Firewall Application default rule for Windows Updater App and the default rule to Ignore Metro Apps.
I did see that the files were manually removed from the Blocked Applications and File List after each run. Was the virus still evident after reboot or manually resetting the container?
I’m no expert though, just my observation from watching it.
Eric
If you try to create an empty file with the same extension and then open it with a browser, the file will not be placed in the container
Hi all,
I am the owner of this video.
About this comment:
All settings are the default settings set by the company.
About manually removing Blocked Applications: this was just to make sure the final file (bypass.hta) is not blocked by Containment.
About the virus still being evident after reboot or manually resetting the container: there is no installation from the file after reboot or manually resetting the container; I did it just for testing only.
Anything you ask for, I will reply to. I want to send the file to the company; give me the link to submit the file for analysis.
Best of luck
You can send the file following the instructions in Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!).
IMO It’s best to contact Umesh directly - please send him a PM with a link to the malware and this topic.
I can partially agree with what “Prodex” says. The site “h**p://forum.zyzoom.net” contains some references to blacklisted domains and blacklisted links. That is why it is blocked by some applications.
But there are no immediate risks on this site!
Nevertheless, an interesting report! :-TU Thank you to “SD Ahmad”!!!
References to Blacklisted Domains:
Detected reference to malicious blacklisted domain >>> /threads/307678/# > “winaso.com” > Page/File MD5: AAAC4517A897D0486BCCE65007A17ADC
Detected reference to malicious blacklisted domain >>> /threads/307627/# > “up.ibda3gate.com” > Page/File MD5: C364D0FA04208126762A8BE76458007C
Detected reference to malicious blacklisted domain >>> /forums/-/index.rss > “up.ibda3gate.com” > Page/File MD5: 043E36C0549D5549A452F729A5621661
Was this not achieved because the file was placed onto the system by the VM (which would have been comparable to writing the file to disk using a different OS), and therefore did not meet any of the default Containment Conditions, in particular the ‘File Created by Process(es)’ condition?