Solved This is not detected by Kaspersky for some strange reason...

Status
Not open for further replies.

Pilot777

Level 1
Thread author
Apr 25, 2022
29
Hi, everyone! I've been testing this particular malware (VirusTotal) vs. kaspersky for some time now, always in a virtual machine environment, and I've come to this conclusion. This malware, for some really weird reason, is never properly detected via kaspersky signatures. However, it is detected by their system watcher. But, not for long...'cause if you keep launching it, even after reboot required by kaspersky, then sooner or later, all of your files end up encrypted (just try it...). Which brings me to my next point - maybe, just maybe, this particular malware is, for some unknown reason, is a part of some covert cyber operation. I mean, c'mon, just how f...ing hard can it be to properly analyse this very obvious malware (which is detected by your own systemwatcher) and to simply add it to your signature database. I mean, to me personally, this whole situation looks pretty ridiculous. If you wanna try it, just go ahead and download this batch: (removed). And then find, and keep launching the file I've been talking about.
 
Last edited by a moderator:

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,398
Hello! It's interesting that you've been testing this particular malware against Kaspersky and have noticed some unusual behavior. I can understand your frustration with the situation. While I cannot directly analyze the malware or add it to Kaspersky's signature database, I can offer some insights and suggestions.

Firstly, it's worth noting that malware detection is a complex and ever-evolving field. Malware authors constantly modify their creations to evade detection, and security vendors like Kaspersky continuously update their detection mechanisms to stay ahead. However, there can be instances where certain malware may not be immediately detected by signature-based scans.

In such cases, behavior-based detection mechanisms like Kaspersky's System Watcher become crucial. System Watcher monitors the behavior of running processes and can detect malicious activities even if the malware is not recognized by signatures. However, it's important to keep in mind that no security solution is perfect, and there can be instances where malware slips through the detection mechanisms.

Regarding your suspicion that this malware might be part of a covert cyber operation, it's difficult to say without further analysis. Malware can be used in various contexts, including cyber espionage or criminal activities. However, jumping to conclusions without concrete evidence may not be accurate.

If you believe you have found a new and undetected malware sample, I would recommend reporting it to Kaspersky's Threat Intelligence Portal or their technical support. They have dedicated teams that analyze and investigate new threats, and they can provide you with more information about the specific sample you've encountered.

Lastly, I would like to remind you to always exercise caution when handling malware samples. Ensure that you are working in a controlled and isolated environment, such as a virtual machine, to prevent any unintended consequences.

I hope this information helps, and if you have any further questions, feel free to ask!
 

Pilot777

Level 1
Thread author
Apr 25, 2022
29
1705162524542.png
.....Bla-bla-bla...The good old Bot, which is just some mindless AI algorythm, blabbering away seemingly conscious thoughts (mimicking real human response) - always good to have You onboard, if only purely for the sake of entertainment and, of course, some funny conversation while waiting for real people to join the discussion ))
 
Last edited:

Pilot777

Level 1
Thread author
Apr 25, 2022
29
Ha-ha!...This is actually a good one:
1705163278740.png


'Cause I forgot to mention, I've also tried to upload the malware in question to the Portal multiple times. Well, whatddayaknow - it always comes up clean :ROFLMAO:
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
752
Which brings me to my next point - maybe, just maybe, this particular malware is, for some unknown reason, is a part of some covert cyber operation.
Tbh for an covert cyber operation I would expect the chaining of zero day exploits or stuff like that e.g the Triangulation attack on Apples iMessage

 
  • Like
Reactions: simmerskool

OTTO

Level 1
Verified
Jul 18, 2015
26
I have similar experience with kaspersky. I love to play with malware. I grab malware samples from a website which give links to live malware links. This website's name ends with haus. Iam not sharing full name because it might be forbidden to share here.
Anyway, this website shares some links to malware files which has the extension of bmp. These are stated to be privateloader malware samples and encrypted by a malware analyst there. Bitdefender doesnt detect those files in the beginning but after i send them these files, they add signatures. (TRojan.generic). But i sent them to kaspersky also and they said no malicious software found in these files. So bitdefender says these files are malware and kaspersky says they are clean. I dont believe kaspersky because avast also blocks the link to these bmp files saying botnet link. I lost my trust in kaspersky. If i load these malware samples to kaspersky opentip, system tells me they are not categorized. If anyone interested, i can share those files.
 
  • Like
Reactions: South Park

OTTO

Level 1
Verified
Jul 18, 2015
26
I shared links in private. These files are stated be privateloader and some of them loads malwares like vidar loader, redline stealer, risepro stealer etc. These malware files are not detected almost any antivirus. Avast blocks some of the links but some links. Kaspersky doesnt know about them. When i exposed smilar bmp files to bitdefender telemetry they started to get detected by bitdefender. Norton finds them suspicious. They are not detected by antivirus companies. I have found some research related to these files.
These bmp files are mentioned in the below links that i shared. They are dangerous.

 

Shadowra

Level 33
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,286
I shared links in private. These files are stated be privateloader and some of them loads malwares like vidar loader, redline stealer, risepro stealer etc. These malware files are not detected almost any antivirus. Avast blocks some of the links but some links. Kaspersky doesnt know about them. When i exposed smilar bmp files to bitdefender telemetry they started to get detected by bitdefender. Norton finds them suspicious. They are not detected by antivirus companies. I have found some research related to these files.
These bmp files are mentioned in the below links that i shared. They are dangerous.


Can you send them to me in PM ?
I'll forward them to Avast :)
 

OTTO

Level 1
Verified
Jul 18, 2015
26
I can'T send you the links. ıt gives me error.
Btw one of the links on virustotal.
Link was sent to virustotal two days ago yet so far only one detection and no detection from major companies. It's frightening.


Screenshot Capture - 2024-01-13 - 21-13-28.png
 
  • Like
Reactions: Trident

Pilot777

Level 1
Thread author
Apr 25, 2022
29
File detected when searching Kaspersky's own threat portal. See below:
Well, first of all, if You just wait for a bit longer, then the Portal detection result strangely disappears, and, for some mysterious reason, in the end, the detection outcome always comes up as perfectly clean. I've done that several times, and I've seen it enough times to claim what I've just said. How can You even say that it's detected by kaspersky portal, when, in fact, it isn't, and that the actual kaspersky application installed on a PC is not handling this obvious threat?
 
  • Like
Reactions: ErzCrz
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top