App Review Computer Worms: an Uncomfortable Truth

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by cruelsister
Regarding the malware used in this video:

Of the 7 files, 4 were Scriptor Worms, and the other 3 were regular malicious files. Of these latter 3, 2 were detected and deleted (silently); the third was coded to spawn a copy of itself; although this is normally done by dropping the daughter (which will auto-run on the drop) into the Roaming directory, this one was coded to place it on the Desktop to make the ZA detection of it easier to follow.

You may have noted that although the original was deleted, the copy reappeared on the desktop where it was detected and deleted once again. Of the 4 Worms, one was detected and deleted right away; of the other 3, two were able to connect out, one was not. But it is important to note that all 3 were coded to persist on reboot.

On reboot, one was dropped into Roaming where it was detected and stopped (although not shown, trust me on this). Of the other two, as can be seen, one created the Powershell connection to Ukraine (not good) and the other morphed into the false svchost.exe (termed a Mimic) that connected out to a Confluence Networks server in Austin, Texas. It should be noted that this server is actually a Proxy for a known Malware server located in Road Town, British Virgin Islands.
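Two of the behaviours described above, a fake svchost.exe ("Mimic") and a payload launched from the Roaming profile, are cheap to spot from a process listing. The script below is an added example, not code from the review or the video; the process records are constructed for the demonstration, and the rule "svchost.exe only ever lives in System32/SysWOW64 and is only ever started by services.exe" is the assumption the checks rest on.

```python
"""Flag a fake svchost.exe and executables launched from user-writable
profile folders (Roaming, Desktop). Added example; the process records
below are constructed, not captured from the reviewed sample."""
import ntpath
from dataclasses import dataclass

# Legitimate homes of svchost.exe and its only legitimate parent (assumption)
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SVCHOST_PARENTS = {"services.exe"}
USER_DROP_DIRS = ("\\appdata\\roaming\\", "\\desktop\\")


@dataclass
class Proc:
    pid: int
    name: str     # image name as shown in Task Manager
    exe: str      # full image path
    parent: str   # image name of the parent process


def _norm(path: str) -> str:
    # ntpath understands Windows separators even when run on Linux/macOS
    return ntpath.normcase(ntpath.normpath(path))


def reasons(p: Proc) -> list:
    """Return the reasons a process looks suspicious; empty list means it passed."""
    out = []
    exe = _norm(p.exe)
    if p.name.lower() == "svchost.exe":
        if ntpath.dirname(exe) not in SYSTEM_DIRS:
            out.append("svchost.exe running outside System32/SysWOW64")
        if p.parent.lower() not in SVCHOST_PARENTS:
            out.append(f"svchost.exe started by {p.parent}, not services.exe")
    if any(d in exe for d in USER_DROP_DIRS):
        out.append("executable launched from Roaming or Desktop")
    return out


def find_suspicious(procs):
    """Pair each flagged pid with its list of reasons."""
    return [(p.pid, reasons(p)) for p in procs if reasons(p)]


# Constructed sample: one real svchost, one Roaming mimic, one mimic that
# copied itself into System32 but was spawned by PowerShell, one benign app.
SAMPLE = [
    Proc(804, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    Proc(5120, "svchost.exe", r"C:\Users\vm\AppData\Roaming\svchost.exe", "explorer.exe"),
    Proc(6044, "svchost.exe", r"C:\Windows\System32\svchost.exe", "powershell.exe"),
    Proc(7188, "notepad.exe", r"C:\Windows\System32\notepad.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, why in find_suspicious(SAMPLE):
        print(pid, "->", "; ".join(why))
```

On a live Windows host the same `reasons()` check can be fed from `Get-Process` output or `psutil.process_iter()`; the parent-process rule is what catches a mimic that manages to drop itself into System32, since a copy launched from a script still has the wrong parent.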
 
Interesting. With every new Windows series, now 11, one cannot help but be wary of extra newly laid roadways having been inserted (in guise of a better functionality), whereby it might be easier perhaps, to EVADE direct detection. And by the highest rated of AV products. I'm sure there is an answer, which brings this user back to Containment Technology.

And a fine tuned tracer to prevent sabotage at that incredible rate of speed.
 
Excellent video as always. I watch for the results. Trying to understand coding and all the rest is similar to me trying to understand ancient Babylonian. I do wonder if Checkpoint's ZA free firewall and AV would have done as well, or as badly depending on viewpoint.
 
Well the free version is not even recommended by the Next Gen Extreme Zen brigade so I doubt it.

Regards Eck:)
 
fwiw I just happened to install ZA Pro Firewall (paid -- no AV) yesterday on a VM with MS Defender (ZA says it only works with msD). Too soon to have any conclusion about its strength, but I did find it sorta "klunky" to work with, at least compared to WFC using Windows Firewall, but ZA may be stronger than the WF+WFC combo. I wonder why ZA did not incorporate its various Anti-Ransom features into its ZAPFW. Seems to be a marketing ploy to get you to use ZANG AV with all its features. My understanding and user experience is you cannot run both ZAFW & ZAAR together; you have to pick only one ZA app. (I run CheckPoint Harmony and find it stronger and friendlier than the ZA apps.)