App Review Can the HitMan squish a Worm?


cruelsister

JG- Really no need to upload this one anywhere- I coded it only to have very basic worm functions:

a. Get into memory,
b. set itself up for persistence,
c. the ability to infect external drives when plugged in to the infected system,
d. and the ability to listen/receive on the Network.

So this is a really Bargain Basement type of malware (when I got home tonight I saw a number of emails from former colleagues mocking me for being a Script-Kiddie at heart). Also, I do have a Part 3 already done which will feature Zemana (to be published soon).

Terry- Yes, it is a joke and a very bad one. I did a Worm series like 2 years ago and seemingly nothing has been done about it. Strange thing is that Home products will do better against Worms than Enterprise applications! The latter are too afraid of creating FP's so are very prone to script-kiddie malware such as those used in the retail breaches at Home Depot and Target; also much more elaborate scriptors are being directed at governments and God alone knows how many are still active and undetected.

I've been railing about this for years, and it is the main reason I left the Security field and fled to Wall Street: now I am not constantly depressed by the ignorance of those that should know better (mostly State University products).
 

jamescv7

Seems lame, since the basic symptoms of worms should be recognized because of their usual behavior; unfortunately, on the other hand, the changes brought by engines are usually ineffective.

At the end of the day, a detection-based algorithm is not a solution.
 

security.paranoid

@cruelsister thanks for the review. Can you please review the endpoint software? They claim that next-gen endpoint protection with AI is more accurate than old signature-based products; take a look at Symantec or OfficeScan from Trend Micro.
 

cruelsister

SP- Sorry but I can't. I'm precluded from commenting on any Enterprise software due to my current employment, because of potential Conflicts of Interest.
 

Andy Ful

From Hard_Configurator Tools
@cruelsister

Windows 10 built-in security is considered by many forum members as sufficient to protect them against malware (including ransomware). But there are few valid tests that can prove/disprove such claims. Could you please test the below configuration against ransomware & scriptors:
1. SRP default deny.
2. Blocked Windows Script Host and Powershell.
3. Windows Defender + Forced Smartscreen.

I noticed that in malware tests most testers use malware samples without 'Mark of the Web', so those samples cannot be checked by SmartScreen Application reputation cloud. Forced SmartScreen can check files without 'Mark of the Web'.
If you want, you can use Hard_Configurator to quickly apply the above config.
If the file is blocked by SRP, it is possible in the test to run the malware sample using Forced SmartScreen (<Run As SmartScreen> = Administrator, option in Hard_Configurator). In the above config, Forced SmartScreen is an additional protection, applied when installing files with active default deny SRP.
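An added PowerShell example (not Andy Ful's or Hard_Configurator's code) for the Mark of the Web point above: it reports whether each sample in a folder carries the Zone.Identifier stream that SmartScreen's reputation check keys on, and stamps ZoneId=3 (Internet zone) on those that lack it, so the sample is tested the way a real download would be. The sample folder path is a placeholder; the volume must be NTFS for alternate data streams to exist.

```powershell
# Added example, not from the thread. Requires an NTFS volume (ADS support).

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    # The Mark of the Web is the Zone.Identifier alternate data stream.
    # No stream means no MotW, so SmartScreen never gets to evaluate the file.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    $text = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Raw
    # Zone ids: 0 local machine, 1 intranet, 2 trusted, 3 internet, 4 restricted.
    if ($text -match '(?m)^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null
}

function Set-MotwInternetZone {
    param([Parameter(Mandatory)][string]$Path)
    # Writes the same stream a browser download receives (ZoneId=3).
    # Unblock-File is the reverse operation and removes the stream again.
    $content = "[ZoneTransfer]`r`nZoneId=3`r`n"
    Set-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Value $content -NoNewline
}

# Audit a folder of samples before a test run (placeholder path).
$samples = Get-ChildItem -LiteralPath 'C:\Samples' -File
foreach ($f in $samples) {
    $zone = Get-MotwZone -Path $f.FullName
    if ($null -eq $zone) {
        Write-Host "$($f.Name): no Mark of the Web, SmartScreen would skip it; stamping ZoneId=3"
        Set-MotwInternetZone -Path $f.FullName
    } else {
        Write-Host "$($f.Name): ZoneId=$zone already present"
    }
}
```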
 

cruelsister

Andy- Although I understand your point I will never do such a test for a variety of reasons:

1). My videos are targeted at two groups- Developers and the Total Noob. The Developer will want to see how their product failed without any extraneous stuff being involved, and the Total Noob will have absolutely no idea how to implement the changes you suggest. So (please, please understand there is NO insult intended!) a setup as you suggest would have so limited a practical appeal that it would not be worth doing. It normally takes me about 20-30 hours of preliminary work to make a 3 minute video (I know my videos seem to be half-assed, but they are really not), so I really have to pick and choose my topics carefully.

2). You will also note that I only run malware from my desktop. The reason for this is that the "lowest common denominator" is used: a Web threat must still react locally on your system, and running stuff from the Desktop will also include things like a malware threat from a USB as well as a saved email attachment. So concentrating on something like Web Threats alone would be like testing something that will only work on Wednesdays. I never will do a "Wednesday Rules" video. Never, ever.

3). Finally I feel that the computer should be used for High and Noble things (for a Woman to seek out and absorb recent topics in the Arts and Sciences; for the Male to watch Porn and play Video games). Wouldn't it be easier and more efficient to use something like CF or Umbra's love, AppGuard, and not worry about arcane Windows settings that most cannot understand, no less implement?

But I thank you for your comment- it speaks highly of your computer knowledge. But I just don't think the Game would be worth the Candle for the majority of computer users.

M
 

Huchim

Awesome video as always, thanks.

I think this kind of worm is common here where I live; frequently I help my friends and family with that, and some AVs really fail at protecting the PC. I'm not saying names, but it is hard to recommend an AV/AM that protects 100% (I know it is impossible, but that's what my friends and family ask for).
 

cruelsister

Huchim- You may see that the prevalence of new worms is down to about 7% of all malware, but that's only because of the increase in ransomware. However, most of the computers currently infected will be infected by worms. As to the best way of determining infection by this class of malware, tune in this weekend.
 

WinXPert

Huchim said:
Awesome video as always, thanks.

I think this kind of worm is common here where I live; frequently I help my friends and family with that, and some AVs really fail at protecting the PC. I'm not saying names, but it is hard to recommend an AV/AM that protects 100% (I know it is impossible, but that's what my friends and family ask for).

A byte of prevention is better than a megabyte of cure. My suggestion is to block wscript.exe if your friends don't use vbs scripts. That's one way to prevent vbs class worms from running.


cruelsister said:
Huchim- You may see that the prevalence of new worms is down to about 7% of all malware, but that's only because of the increase in ransomware. However, most of the computers currently infected will be infected by worms. As to the best way of determining infection by this class of malware, tune in this weekend.

True, worms are still prevalent here (Philippines). Never had any experience with ransomware except from MT's malware packs.
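An added PowerShell example (not WinXPert's or the thread's code) for the wscript.exe suggestion above: rather than blocking the binary by path, it audits and sets the Windows Script Host Settings\Enabled policy value, which makes wscript.exe and cscript.exe refuse to run any script. Writing the HKLM key needs an elevated session; the per-user HKCU key is audited as well because WSH honours both.

```powershell
# Added example, not from the thread. Run elevated to change the machine-wide key.

$WshKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',   # all users
    'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'    # current user only
)

function Get-WshState {
    # Returns one line per key. Enabled=0 disables WSH; a missing value means enabled.
    foreach ($key in $WshKeys) {
        $value = (Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
        $state = if ($null -eq $value) { 'Enabled (no policy value set)' }
                 elseif ([int]$value -eq 0) { 'Disabled' }
                 else { 'Enabled' }
        "{0}: {1}" -f $key, $state
    }
}

function Disable-Wsh {
    param([switch]$CurrentUserOnly)
    # Creates the key if needed and sets Enabled=0. Scripts launched via
    # wscript.exe/cscript.exe then stop with a "Windows Script Host access
    # is disabled" message; PowerShell and other hosts are unaffected.
    $key = if ($CurrentUserOnly) { $WshKeys[1] } else { $WshKeys[0] }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

function Enable-Wsh {
    param([switch]$CurrentUserOnly)
    # Reverts Disable-Wsh by removing the policy value (the default is enabled).
    $key = if ($CurrentUserOnly) { $WshKeys[1] } else { $WshKeys[0] }
    Remove-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue
}

Write-Host "Before:"; Get-WshState
Disable-Wsh
Write-Host "After:";  Get-WshState
```

If a family member does need a particular .vbs, the per-user switch limits the block to the accounts that never run scripts.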
 
