Author Topic: Win32.Leon  (Read 3547 times)

0 Members and 1 Guest are viewing this topic.

January 22, 2008, 05:39:41 pm
Read 3547 times

sowhat-x

  • Guest
...not a direct malicious link,but a newly released virus.
Detection rates at the current moment are pretty much what I would describe as terrible...
namely,the virus itself has a detection rate of 19% at VirusTotal...
and executables infected by it,give even more disappointing results:
6% success rate - marked as suspicious...
Quote
hxxp://fat.next-touch.com/code.html

Virus itself is 'constructed' with the aid of a tool called "kpasm",
made by the same author,and listed in the same page mentioned above.
You can read a bit more info about it here,as I hate copy/pasting stuff around...
http://www.teamfurry.com/index.php?topic=32.0

February 09, 2008, 02:08:47 am
Reply #1

sowhat-x

  • Guest
About 17 days later...so,let's see what's changed around...results from VirusTotal obviously:

22 Jan
Main virus sample:19% rate
Infected samples:  6% rate

25 Jan
Main virus sample:25% rate
Infected samples: 18% rate

9 Feb
Main virus sample:25% rate
Infected samples: 12% rate (...less than two weeks ago?)

Quite nice,rotfl...and we're talking about a single one polymorphic virus,
that was released along with sources...not some kind of private sample.
And no,in case anyone was wondering,I'm not gonna bother checking it again in the future...

February 10, 2008, 12:00:24 am
Reply #2

julevine

  • Special Access
  • Jr. Member

  • Offline
  • *

  • 14
I downloaded win32 leon virus and panda internet security 2008 proactivly blocks it with it 's genetic heurstics  at medum settings

i recommend  using  online panda totalscan it currently detects  3,144,707 threats  and counting

i recommend using  panda internet security 2008 becuase of its proactive protection it had a 94% Proactive Detection  for September

key components internet security 2008  has included

1 genetic heurstics 

2 Kernel Rules Engine = Protects against known and unknown vulnerabilities in other applications like browser. and others

3 AI-Based Correlation Engine Protects against unknown malware running on the system

4 Port Scanning and Blocking Detects malicious network packets to protect against known
and unknown worms and buffer overflow exploits and acts as a control point to prevent malware
from propagating to other systems on the network

February 10, 2008, 04:09:44 am
Reply #3

sowhat-x

  • Guest
Quote
i recommend using  panda internet security 2008
...he-he,personally,I recommend VMware and OllyDbg,
along with a couple of pe editors and packet analyzers,lol...  ;D

Ok,seriously now...concept isn't about if this/that or the other AV security product,
could pro-actively detect and block a specific malicious sample:
the AV products comparison "logic" is something that certainly hasn't much to offer,
at least in today's reality,something that has already been discussed in the past...
There are literally hundreds of meaningless threads out there,
were people waste their time comparing AV products...
and the only thing that came as a result out of this,was to simply spread more confusion...

To stick back to the topic...a practical reference certainly is of general interest,
eg.my av got this in that sample or missed that in the other case...after all,
either we like it or not,we all make use of some AV product,at least in the win32 world.
The rest part of it though,eg.referring to what features a commercial AV product,
added/enhanced in their newer version and similar stuff...
is nothing more than replication of some company's advertisement statements...

This is not to be considered as a criticism towards Panda of course,
their product is obviously one of the most respectable out there...
For the time being,no harm done,I'll leave it above as is...
next time though someone promotes a specific commercial product,
sorry guys,but I'll have to edit the post in question...after all,
AV products have their own sites/blogs/forums to do that. :)
And one thing for sure,we certainly suggest that everyone visits all of them,
and reads the info that they choose to share with the public,without exceptions... ;)

Not to be taken as a personal "warning" and similar crap,by mods with 'cop's alike" attitude...
something that I guess everyone has came across more or less... >:(
It's strictly for pure reasons of reliability...meant to be understood as part of MDL's policy:
quite a few boards out there have turned themselves to 'marketplaces',
with end-users arguing in endless non-sense discussions and av product comparisons...
sometimes also mixed up with AV representatives that try to influence people,
instead of actually sharing part of their knowledge/experience...