- Регистрация
- 26.12.2012
- Сообщения
- 2 780
- Репутация
Прости.Больше не буду.
Факкинг сканеры
- Автор темы X-Shar
- Дата начала
- Регистрация
- 26.12.2012
- Сообщения
- 2 780
- Репутация
Ди бритиш ан ди рефудми закрывахтунг..
A male and a female, both aged 22 and hailing from Colchester, Essex in the United Kingdom, were arrested on suspicion of operating two services featured in many malware business models – the popular counter antivirus (CAV) service Refud.me and the crypting service Cryptex Reborn. Both services have been taken down thanks to the partnership of Trend Micro’s Forward-Looking Threat Research team and the National Crime Agency of the UK (NCA).
These latest takedowns are milestones in anti-cybercrime efforts. Refud.me and Cryptex Reborn were both key components of a much larger underground business model. Rendering them inoperable throws a wrench at ongoing cybercriminal operations in and beyond the UK as this can force cybercriminals to spread malware that are more prone to detection.
“This investigation is the result of Trend Micro’s collaboration with the National Crime Agency of the UK (NCA) and other partners to tackle some of the core components that enable cybercriminal business models to exist,” said Martin Rösler, senior director of The Forward-Looking Threat Research team for Trend Micro. Back in July 2015 Trend Micro and the NCA signed a Memorandum of Understanding (MOU), marking a significant step to understand and fight cybercrime. The agreement also formed a cross-organization virtual team to identify innovative ways of tackling specific cybercrime threats. The arrest made as a result of this partnership was announced earlier today in a
Refud.me and Cryptex Reborn
Refud.me and Cryptex Reborn have been heavily advertised and used on cybercriminal underground forums. One particular forum, Hackforums.net, is known for hosting discussions on hacking, technology and gaming.
Figure 1. Example post of Refud.me scan results on Hackforums.net
Refud.me has been advertised on Hackforums.net since the end of February 2015, with several new features added during that time. A “scanwatch” feature which allows for the constant scanning and alerting of the detection status of an uploaded file was added at the end of June 2015.
Figure 2. The refud.me service
Refud.me provided CAV scanners, allowing users to upload a sample they want scanned, and this will then be tested for detection against typically 30-40 of the best known AV companies’ products. The goal here is to ensure for a malware author or user that their malware is detected by as few companies as possible, before releasing it against their targets. It should be noted that similar legitimate multi-scanner services also exist – however a key difference with a CAV is that all sharing of samples or feedback data with the various AV companies are disabled, and this is actively advertised in advertisements.
On the other hand, Cryptex Reborn provides crypting services, which means taking a particular program, almost always malware, and modifying it to attempt to bypass the detection engines of the major antivirus companies. A piece of malware modified in such a way, that is no longer detected by an AV company at the time of release is known as FUD (Fully UnDetectable). This does not normally take into account the more advanced heuristic features of modern AV engines.
The Cryptex Reborn toolkit has undergone several major updates over time. The original tool, simply called “Cryptex” was advertised from at least October 2011. Later in 2011 this tool forked to become two crypting tools – “Cryptex Lite” and “Cryptex Advanced”, each with different levels of capabilities. These tools saw frequent version updates to counteract new improvements in antivirus engines. The current major iteration of the Cryptex toolkit is entitled “Cryptex Reborn” which was first advertised in September 2014.
“Helping to take down operations such as this is part of our ongoing effort to keep the world safe for exchanging digital information, for both our customers and the Internet at large,” Martin Rösler said.
Trend Micro has long believed that
These latest takedowns are milestones in anti-cybercrime efforts. Refud.me and Cryptex Reborn were both key components of a much larger underground business model. Rendering them inoperable throws a wrench at ongoing cybercriminal operations in and beyond the UK as this can force cybercriminals to spread malware that are more prone to detection.
“This investigation is the result of Trend Micro’s collaboration with the National Crime Agency of the UK (NCA) and other partners to tackle some of the core components that enable cybercriminal business models to exist,” said Martin Rösler, senior director of The Forward-Looking Threat Research team for Trend Micro. Back in July 2015 Trend Micro and the NCA signed a Memorandum of Understanding (MOU), marking a significant step to understand and fight cybercrime. The agreement also formed a cross-organization virtual team to identify innovative ways of tackling specific cybercrime threats. The arrest made as a result of this partnership was announced earlier today in a
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
.Refud.me and Cryptex Reborn
Refud.me and Cryptex Reborn have been heavily advertised and used on cybercriminal underground forums. One particular forum, Hackforums.net, is known for hosting discussions on hacking, technology and gaming.
Figure 1. Example post of Refud.me scan results on Hackforums.net
Refud.me has been advertised on Hackforums.net since the end of February 2015, with several new features added during that time. A “scanwatch” feature which allows for the constant scanning and alerting of the detection status of an uploaded file was added at the end of June 2015.
Figure 2. The refud.me service
Refud.me provided CAV scanners, allowing users to upload a sample they want scanned, and this will then be tested for detection against typically 30-40 of the best known AV companies’ products. The goal here is to ensure for a malware author or user that their malware is detected by as few companies as possible, before releasing it against their targets. It should be noted that similar legitimate multi-scanner services also exist – however a key difference with a CAV is that all sharing of samples or feedback data with the various AV companies are disabled, and this is actively advertised in advertisements.
On the other hand, Cryptex Reborn provides crypting services, which means taking a particular program, almost always malware, and modifying it to attempt to bypass the detection engines of the major antivirus companies. A piece of malware modified in such a way, that is no longer detected by an AV company at the time of release is known as FUD (Fully UnDetectable). This does not normally take into account the more advanced heuristic features of modern AV engines.
The Cryptex Reborn toolkit has undergone several major updates over time. The original tool, simply called “Cryptex” was advertised from at least October 2011. Later in 2011 this tool forked to become two crypting tools – “Cryptex Lite” and “Cryptex Advanced”, each with different levels of capabilities. These tools saw frequent version updates to counteract new improvements in antivirus engines. The current major iteration of the Cryptex toolkit is entitled “Cryptex Reborn” which was first advertised in September 2014.
“Helping to take down operations such as this is part of our ongoing effort to keep the world safe for exchanging digital information, for both our customers and the Internet at large,” Martin Rösler said.
Trend Micro has long believed that
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
is key to a lasting solution against cybercrime. In October, we partnered with the Federal Bureau of Investigation (FBI) and several security vendors to take down the
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
known for targeting banks. We have also collaborated with the International Criminal Police Organization (INTERPOL) and other vendors to take down the
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
early this year.
- Регистрация
- 14.12.2014
- Сообщения
- 247
- Репутация
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
- Регистрация
- 22.10.2016
- Сообщения
- 59
- Репутация
Есть идея: качаешь на комп себе кучу антивирей, берёшь их исполняемые файлы и смотришь какие в них есть команды для консольного сканирования(или можно пробовать эмулировать сканирование, т.е. посмотреть как оно делаеться, какие стадии проходит, какие функции, и написать прогу которая бы их выполняла
но это только для проффи
), пишешь скрипт который сканирует файл всемя антивирями которые это поддерживают, кидаешь всё в одну папку(или sfx-архив), всё, прога для сканирования антивирями готова, совершенно бесплатно
- Регистрация
- 03.06.2012
- Сообщения
- 6 082
- Репутация
Не пинайте сильно, но я на VT лью, потом меняю немножко код, либо разбавляю мусором и детект слетает...
Толи аверы туповаты, может из-за того-что не трояню не кого, но факт, банально сбивание хеша и будет обход многих антивирусов, которые детектят на VT !
Толи аверы туповаты, может из-за того-что не трояню не кого, но факт, банально сбивание хеша и будет обход многих антивирусов, которые детектят на VT !
- Регистрация
- 18.05.2014
- Сообщения
- 425
- Репутация
это так не работает) по началу может детект собьется, но из-за залива на вт аверы накинут еще сигнатур на стаб, и уже через пару дней твоя чистка будет детектитсяНе пинайте сильно, но я на VT лью, потом меняю немножко код, либо разбавляю мусором и детект слетает...
Толи аверы туповаты, может из-за того-что не трояню не кого, но факт, банально сбивание хеша и будет обход многих антивирусов, которые детектят на VT !
| Автор темы | Похожие темы | Форум | Ответы | Дата |
|---|---|---|---|---|
|
Программа ИБ Безопасные сканеры на вирусы | Крипторы и исследование защиты | 12 |
| Похожие темы |
|---|
| Программа ИБ Безопасные сканеры на вирусы |