Comodo Firewall 10 Setup
<blockquote data-quote="cruelsister" data-source="post: 686305" data-attributes="member: 7463"><p>Allow me to butt in here to discuss the CCleaner malware:</p><p></p><p>1). This thing was both SIGNED (legitimately) and available for download from the company's own servers.</p><p>2). CCleaner in itself was not (kinda-sorta) the actual malware! What it did was to connect to a non-Piriform server to download the payload(s) which were targeted to specific organizations (specialized secondary payloads). Infection would have only occurred after the payload was downloaded and run, and for a number of arcane reasons this (these) payload(s) are not available for testing. However, I did not catch a hint that the payload(s) themselves were signed, and if they were not they would have been treated like any other malware and contained.</p><p></p><p>Anyway, the actual payloads would only infect the targeted machines to the extent of creating a backdoor for espionage-related data acquisition. But as this backdoor was not part of the initial CCleaner installation cascade, there is no reason to believe that the Firewall, if set as I suggest, would not have precluded Outbound connections and thus stopped the handshake needed for the data acquisition queries to proceed.</p><p></p><p>That it was targeted only should actually be intuitively obvious: the acquisition of the Private Key to sign AND getting the FTP credentials to upload the trojan to a legitimate server is neither easy nor inexpensive. The difficulty (and expense) of doing this makes it pointless for widespread dissemination to Riffraff like us (the more disseminated publicly, the higher the odds for early detection). High quality stuff like this has a purpose, and that purpose is never going to be shaking down Mooks for a couple of bucks.</p><p></p><p>Finally, for those paranoid, I did post a couple of videos a few years ago (God! have I really been doing this for that long? Someone needs a Life...) about a Nightmare Scenario where an exceptionally Highly Signed malware can penetrate even a Restricted TVL.</p><p>But as Umbra properly states, the Comodo TVL can be modified to preclude installation by any but a few vendors for those concerned. And sadly there is another video on how to do this.</p><p></p><p>But the really important point is that Comodo gives one the ability to include these restrictions. Does anyone else?</p></blockquote>
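As an added illustration of the "restricted vendor list" idea in the post above (this is example code written here, not cruelsister's or Comodo's), a PowerShell check that accepts a binary only when its Authenticode signature is valid AND the signing certificate's subject is on a short allowlist; the allowlist entry and the folder path are placeholders you would replace with your own.

```powershell
# Added example (not from the post or Comodo). Mirrors a "restricted TVL":
# a valid signature alone is not enough; the signer must also be allowlisted.

# Placeholder allowlist of certificate subject names. Fill with the few
# vendors you actually trust; the value below is illustrative only.
$AllowedSigners = @(
    'CN=Example Trusted Vendor, O=Example Trusted Vendor, C=US'  # hypothetical
)

function Test-SignerAllowed {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Allowed = $AllowedSigners
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # A missing, broken or untrusted-chain signature fails outright.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Allowed = $false
            Reason = "Signature status: $($sig.Status)" }
    }

    $subject = $sig.SignerCertificate.Subject
    # Valid signature from a signer not on the list: still rejected.
    # This is the case the post describes, a legitimately signed installer
    # from a vendor you never explicitly chose to trust.
    if ($Allowed -notcontains $subject) {
        return [pscustomobject]@{ Path = $Path; Allowed = $false
            Reason = "Valid signature, but signer not allowlisted: $subject" }
    }

    return [pscustomobject]@{ Path = $Path; Allowed = $true
        Reason = "Valid signature from allowlisted signer: $subject" }
}

# Usage: check every executable in a download folder (placeholder path).
Get-ChildItem -Path 'C:\Path\To\Downloads' -Filter *.exe |
    ForEach-Object { Test-SignerAllowed -Path $_.FullName } |
    Format-Table -AutoSize
```

The post's other control, blocking Outbound by default, is the complementary layer: even a binary that passes this check cannot reach a non-vendor server to fetch a second stage unless you explicitly allow it.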