Broadband Tech > Security > Security > veloz scumware seen on comercial just now

reply to novaflare

Re: veloz scumware seen on comercial just now

Eric. You are right.

But then again I think this is an issue of credibility. Nothing more and nothing less.

When I click on that Stop-Sign link and KAV pops-up with an alert of a trojan downloader, and when I can confirm that it is not a false positive, taking into account that all major AVs also flag it, I don't really care much what the reason or naming politics are or even why or how this stuff tries to get in your box. That's all an academic exercise.

The only real thing here is that if you download an AV, it should not contain dubious code. And I say dubious giving these guys some slack.

I can understand that if you install Kazaa or the DivX player, ok, there are some things you will need to cope with, but an AV is a whole different, dare I say,ethics game.

I mean. If you can't trust your AV, who you gonna trust?
--
From the GSV "Ethics Gradient"

Forget God then, Stephen Hawking is now saying he has been wrong about blackholes for 2 decades.

All it will take is an experiment with direct observation on a test computer.

It can't be done with blackholes, but it can be done with stop-sign.

I strongly suspect Eric is right on this about this one file. It sounds like what I've seen anti-adware companies openly admit to -- labelling software based on association -- but again, the experiment is not prohibitively difficult if someone has the system and tools available.

And this is especially so because Kaspersky didn't write up anything in its virus dictionary on the file (that I could find). So I doubt they did their own research on it. And Kaspersky is as good as AV companies get.

You say you get a drive-by download with default settings on a patched up-to-date Windows XP SP2 system with MSIE 6. I don't see that, but then my system has had a lot of security stuff installed over the years, so my system probably has lots of obscure settings that are no longer defaults. Could this be an SP2 bug?

Does anyone with up-to-date MS supported non-beta Windows XP or W2K and non-beta up-to-date MS supported MSIE 6sp1 have this start downloading on its own?

We know that Firefox downloads to the cache anything on a page visited (I read this in a FF topic here), requested or not. So Firefox merely downloading this to cache doesn't mean a hijack -- it is normal Firefox behaviour. Executing it without a user request -- that would not be normal Firefox behaviour.

The real determination on stop-sign requires an experiement and direct observation.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ)

reply to Martinus
Martin:

That an AV program flags the download as containing a "trojan downloader" should be cause for alarm among users. But those looking into the software in a Security forum such as this one need to go beyond that initial report and investigate the underlying basis for the detection ('Win32.Wren Trojan Downloader").

Thus, this endless posting of screenshots of AV programs' detection of the eAcceleration stub downloader doesn't tell us much. We already knew that AV products were flagging the stub downloader as far back as 2002/2003 because of the distribution techniques used by eAcceleration. But the detection in and of itself tells us very little.

Let me be clear: I wouldn't recommend eAcceleration's software to anyone -- and I say that having actually gone through the full download and installation several times at this point and having actually used the software (I've got several megs of screenshots, scan logs, notes, copies of web pages, copies of various versions of the software, et al).

Moreover, I think the AV companies have been perfectly justified in targeting eAcceleration's software based on their past behavior -- behavior for which the company remains completely and utterly unrepentant, by the way. That alone is enough for me to continue to list this software on my "Rogue/Suspect Anti-Spyware" page ( »www.spywarewarrior.com/rogue_ant···ware.htm ) -- because the company is simply not a trustworthy source for anti-malware software, in my judgment.

You'll notice, though, that the entry for Stop-Sign in that "Rogue/Suspect Anti-Spyware" list does not specify that Stop-Sign "installs malware." There's a reason for that: namely, the detection that has been reported in this thread is for the stub downloader itself, not a separate piece of malware. So far as I can tell, you can install Stop-Sign without fear of having a virus, trojan, worm, or other piece of malware dropped on your box. The software may not be a very good anti-malware scanner, but it doesn't install malware itself.

In other words, it's a matter of classification at this point. And readers who see the screenshots of AV programs detecting "Win32.Wren Trojan Downloader" ought to be clear on just why that detection is happening and what it means.

Eric L. Howes

reply to keith2468

said by keith2468:

---

Forget God then, Stephen Hawking is now saying he has been wrong about blackholes for 2 decades.

---

reply to eburger68

said by eburger68:

---

So far as I can tell, you can install Stop-Sign without fear of having a virus, trojan, worm, or other piece of malware dropped on your box.

---

Re: Does it really matter?

said by slimpickinz:

---

The most common denominator in this thread seems to be IE.
Get a grip.
Shed the IE.
Then it really is a non-issue.

---

reply to Anon

said by slimpickinz:

---

The most common denominator in this thread seems to be IE.
Get a grip.
Shed the IE.
Then it really is a non-issue.

---

reply to Martinus

Re: veloz scumware seen on comercial just now

said by Martinus:

---

...Stop-Sign? - free software which does the following:

"*Free Trial version detects but does not cure threats.
**Free Trial version detects but does not remove spyware.
***Free Trial version has limited functionality."

---