NoVirusThanks OSArmor vs Ransomware
<blockquote data-quote="Andy Ful" data-source="post: 835556" data-attributes="member: 32260">
<p>I have already commented on Juan Diaz's videos:</p>
<p><a href="https://malwaretips.com/threads/wisevector-stopx-vs-ransomware.95058/#post-835181" target="_blank">https://malwaretips.com/threads/wisevector-stopx-vs-ransomware.95058/#post-835181</a></p>
<p>But this one requires some additional notes because OSArmor is not an AV. It is not designed to detect PE malware (like EXE, DLL, etc.), but can harden the system in many ways to avoid suspicious files/actions.</p>
<ol>
<li data-xf-list-type="ol">It is easy to compile signed malware which could bypass OSArmor if one knows how the system is hardened. Similarly, it is easy to get out of a labyrinth if one knows the right way. But most widespread malware in the wild will be blocked anyway.</li>
<li data-xf-list-type="ol">Most EXE malware in the wild is not delivered as a direct download. Usually, it is delivered by using scripts (directly or embedded in spam, documents, etc.), ZIP archives, or LOLBins. This delivery method is blocked well by OSArmor, which can be seen in the video.</li>
</ol>
<p>For example, the delivery method of the <a href="https://www.scmagazine.com/home/security-news/cybercrime/ordinypt-wiper-ransomware-targets-german-businesses/" target="_blank">Ordinypt</a> Wiper malware from the post:</p>
<p><a href="https://malwaretips.com/threads/fake-résumé-emails-attempt-to-spread-ordinypt-wiper-to-german-recipients.95132/" target="_blank">Security Alert - Fake résumé emails attempt to spread Ordinypt Wiper to German recipients</a>,</p>
<p>uses a ZIP archive (spam attachment) with a malicious EXE file (Lebenslauf.pdf.exe) that pretends to be a PDF document. This will also be blocked by OSArmor.</p>
<p></p>
<p>If the author wanted to show that OSArmor can be bypassed, then this is nothing new.</p>
<p>If the author wanted to show how effective OSArmor is, then he failed, as I commented in the post about his test on WiseVector.</p>
<p>If the author wanted to show how OSArmor works by using some malware examples, then the video is probably OK.</p>
</blockquote><p></p>
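The post's Ordinypt example (a ZIP attachment holding Lebenslauf.pdf.exe) can be checked for on the defender's side before a user ever opens the archive. The following is an added example, not code from the post and not how OSArmor works internally; the extension lists, the function names and the sample archive are constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".js", ".vbs", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def audit_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise the name: Windows ignores case and trailing dots/spaces.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS header magic that starts a PE file
            reasons = []
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
                    reasons.append("double extension")
            if is_pe and (not suffixes or suffixes[-1] not in EXECUTABLE_EXTS):
                reasons.append("PE content under non-executable name")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: harmless placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Lebenslauf.pdf.exe", b"MZ" + b"\x00" * 62)  # file name from the post
        zf.writestr("Anschreiben.pdf", b"%PDF-1.4\n")            # constructed benign entry
        zf.writestr("Foto.jpg", b"MZ" + b"\x00" * 62)            # PE magic under an image name
    return buf.getvalue()


if __name__ == "__main__":
    for f in audit_zip(build_sample_zip()):
        print(f["name"], "->", ", ".join(f["reasons"]))
```

Password-protected archive members cannot be opened this way and should be treated as unscanned rather than clean.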