A quick Malwarebytes 3.0 test
cruelsister said:

A few things:

1). I ran malware from the Desktop- Is this a valid way of testing the product?
Yes it is- I direct you to a comment from MB staff on their forums (found here: Malwarebytes latest video review, https://forums.malwarebytes.org/topic/191702-malwarebytes-latest-video-review/ )

“Testing URLs that point to malware is not real-world testing. Typically before a URL pointing to an EXE gets executed, it is tripped by either an Exploit Kit or a JavaScript downloader in a ZIP email attachment. These are the top 2 infection vectors nowadays representing pretty much the vast majority of prevalent malware. If the infection vector is replicated during the test (either visiting an exploit-rigged website or opening the ZIP from an email) these infection vectors would have been blocked by MB3 before the malware was downloaded.”

Note that email attachments are mentioned- an email attachment MUST be saved (usually to Temp) and run locally. So whether a file is saved to and run from Temp or Desktop is trivial. Both are equally valid.

2). About the stuff left behind after the initial scan- these were primarily script based (from the Locky, Cerber, RAA, and Nemucod families). All of the Locky variants were blocked as they could not contact their C&C to download the payload (as mentioned in the MB note above); but the others were able to pass through just like the RAA demonstrated in the video.

3). The Petya file (Original Red flavor) was able to bypass MB but I chose not to dwell on this as it is not really distributed anymore.
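The MB staff comment quoted in the post argues that the realistic place to stop a script downloader is the ZIP email attachment, before anything is saved to Temp and run. As an added illustration of what a check at that stage looks like (this is example code, not from the post, from cruelsister's video, or from Malwarebytes), the Python below triages a ZIP attachment offline: it flags members whose final extension Windows Script Host or the shell would execute on double-click, flags "lure" double extensions such as .pdf.js, looks for the COM/WSH object names a JScript/VBScript downloader typically needs to fetch and launch a payload (the marker list is a heuristic I chose, not a vendor signature), and recurses into nested ZIPs up to a depth limit. The sample archive it inspects is constructed in memory with an inert comment-only stub, so nothing here downloads or runs anything.

```python
"""Offline triage of a ZIP email attachment for the script-downloader vector.

Added example, not part of the original post. All extension lists and
downloader markers are heuristics chosen for illustration.
"""
import io
import zipfile
from dataclasses import dataclass

# Extensions that WSH / the Windows shell execute directly on double-click.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".cmd", ".bat"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com"}
# Document/image extensions commonly used as the "visible" half of a double extension.
LURE_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".txt", ".jpg", ".png"}
# Object names a JScript/VBScript stage-1 downloader usually needs (heuristic, assumed list).
DOWNLOADER_MARKERS = (b"MSXML2.XMLHTTP", b"WinHttp.WinHttpRequest",
                      b"ADODB.Stream", b"WScript.Shell", b"%TEMP%")


@dataclass(frozen=True)
class Finding:
    member: str   # path of the member inside the (possibly nested) archive
    reason: str   # why it was flagged


def _extensions(member_name: str) -> list[str]:
    """Return every extension of the member, lowercased, e.g. 'a.pdf.js' -> ['.pdf', '.js']."""
    base = member_name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def _inspect_member(name: str, content: bytes) -> list[str]:
    """Apply the per-file heuristics to one archive member and return the reasons it trips."""
    reasons: list[str] = []
    exts = _extensions(name)
    if not exts:
        return reasons
    last = exts[-1]
    if last in SCRIPT_EXTENSIONS:
        reasons.append(f"script file {last} (runs via WSH/shell on double-click)")
    elif last in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable {last}")
    if len(exts) >= 2 and exts[-2] in LURE_EXTENSIONS and \
            (last in SCRIPT_EXTENSIONS or last in EXECUTABLE_EXTENSIONS):
        reasons.append(f"double extension lure {''.join(exts[-2:])}")
    if last in SCRIPT_EXTENSIONS:
        hits = [m.decode() for m in DOWNLOADER_MARKERS if m in content]
        if hits:
            reasons.append("downloader markers: " + ", ".join(hits))
    return reasons


def triage_zip(data: bytes, max_depth: int = 2, _depth: int = 0, _prefix: str = "") -> list[Finding]:
    """Walk a ZIP (and nested ZIPs up to max_depth) and return every Finding."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [Finding(_prefix or "<attachment>", "not a valid ZIP")]
    findings: list[Finding] = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = _prefix + info.filename
            content = zf.read(info)
            for reason in _inspect_member(info.filename, content):
                findings.append(Finding(path, reason))
            if _extensions(info.filename)[-1:] == [".zip"]:
                if _depth >= max_depth:
                    findings.append(Finding(path, "nested ZIP beyond max depth"))
                else:
                    findings.extend(triage_zip(content, max_depth, _depth + 1, path + "/"))
    return findings


def should_quarantine(findings: list[Finding]) -> bool:
    """Policy: any directly executable member (script, binary, lure) blocks the attachment."""
    return any(f.reason.startswith(("script file", "executable", "double extension"))
               for f in findings)


def build_sample_zip() -> bytes:
    """Constructed sample: a nested ZIP holding a lure-named, inert JScript stub plus benign files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("Invoice_2016.pdf.js",
                    "// constructed inert stub, not a working downloader\n"
                    "var names = ['MSXML2.XMLHTTP', 'ADODB.Stream', 'WScript.Shell'];\n")
        zf.writestr("readme.txt", "constructed benign text")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("attachment.zip", inner.getvalue())
        zf.writestr("cover.pdf", b"%PDF-1.4 constructed placeholder")
    return outer.getvalue()


if __name__ == "__main__":
    results = triage_zip(build_sample_zip())
    for f in results:
        print(f"{f.member}: {f.reason}")
    print("quarantine:", should_quarantine(results))
```

Run as a script it reports three findings on `attachment.zip/Invoice_2016.pdf.js` (script extension, .pdf.js lure, downloader markers) and nothing on the PDF or text members; the same logic would flag a bare .js or .wsf at the top level. Deliberately absent is any attempt to deobfuscate the script or follow its URLs: the point of the post is that the vector can be cut at the attachment without ever letting the stage-1 script reach its C&C.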