Jump to content


Photo

Is Immunet Still Developing Detections For New Malware?


  • Please log in to reply
3 replies to this topic

#1 thecomputerdude

thecomputerdude

    Newbie

  • Members
  • Pip
  • 8 posts
  • LocationBaton Rouge, LA

Posted 24 June 2014 - 05:40 PM

I submitted a new detection to the samples email address June 19th and I have yet to see Immunet picking up on the detection. The submission was for an aggressive version of the OffersWizard malware (that downloads and runs itself via a Java/Flash exploit). Since I submitted the initial detection to VirusTotal, 8 other vendors have picked it up and blocked it.

The hash in question is:

9fa00e02962a2c3794e2c42b6249457ab994a2f7f1d98b911d82dbb95fa6205e

Interesting enough Immunet is quarantining the Virustotal webpage temp file for that particular report.

Edited by thecomputerdude, 24 June 2014 - 05:40 PM.


#2 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,958 posts
  • LocationOil City, Pa. U.S.A.

Posted 25 June 2014 - 06:42 PM

Hello thecomputerdude, I have heard of that OffersWizzard virus before and thanks for bringing this to our attention. I know it can sometimes take several days or more for Support to investigate a new malware sample that was submitted because of the amount of samples turned in by conscientious users like yourself. I'll contact an Admin. and make sure someone is aware of this situation.

As far as Immunet reacting to a Virustotal page that is a little disconcerting.

Regards, Ritchie...

Edit: I just PM'ed Jose about this.

Edited by ritchie58, 25 June 2014 - 06:58 PM.
Admin. contacted

* Immunet Global Forum Moderator *


#3 Jose

Jose

    Advanced Member

  • Administrators
  • 104 posts

Posted 25 June 2014 - 07:11 PM

Hey thecomputerdude,

Thanks for taking the time to let us know. Sorry about the delay in getting back to you.

I'll talk to the folks over here to get that particular file branded as malicious. It might be useful if you could send us the file to support@immunet.com (please make sure it is ZIPPED with a PASSWORD), so that we can confirm its maliciousness faster ( we can't just brand it malicious because 1 customer and a few competitors say so, we still need to look at the file. No disrespect intended).

And to answers your topic title question, yes Immunet continues to add detections for malicious software every day.

Thank you,

-Jose

PS: And also thanks Ritchie.

#4 thecomputerdude

thecomputerdude

    Newbie

  • Members
  • Pip
  • 8 posts
  • LocationBaton Rouge, LA

Posted 26 June 2014 - 06:01 PM

Thanks for the responses! It looks like Immunet has processed the submission, as my sample file was immediately detected today when I logged back into my account. Detection name was "Jar.Trojan".

As always, thanks for the great antivirus!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users