Late last night I was surfing some forums looking at interesting posts and I noticed one about an MD5 Cracker that utilized various Free Online Services.
Intrigued I downloaded this utility, However suspecting a virus or trojan of some kind, I ran this utility through 37 Anti-Virus Scanners via VirusTotal - Free Online Virus and Malware Scan. Nothing!!. Every scanner on the market gave it a clean-chit including every single heuristic feature these scanners boast.
Being as paranoid as I am, I finally ran this utility through Sandboxie. A few seconds later, Comodo Firewall Pro came up with an alert: The utility was trying to connect to an FTP Server. Instantly I ran Wireshark and sniffed the Username/Password credentials for the FTP Server.
I put these details into Filezilla and in a few seconds I was connect to the server. The server was filled with log files from hundreds of users. The malware had dumped Saved Passwords from IE, Chrome, Firefox etc and uploaded these log files onto the server. After downloading a few of these files for deeper investigation, I deleted every file on the server to ensure that the compromised users would not have their information hi-jacked.
On further investigation of the log files, the virus seemed to be one from mutX.org. I was thoroughly disappointed that a known virus-strain could evade every single Anti-Virus scanner on the market even though it had such obvious heuristic traits such as: dumping information from browsers, msn messenger and uploading it to a rogue ftp server.
This entire episode reminded me about a Podcast I heard last week where Robin Bloor was a guest discussing AVID (Antivirus is Dead). After this particular incident, I couldn't agree more with Robin. If this particular incident had targeted an Organization as opposed to some Security Forums, it could have cause massive damage and probable financial loss to these organizations.
I have always been a fan of Layering Security and in this particular instance layering Avira Antivir, Comodo Firewall Pro, Sandboxie etc together really paid off.
Intrigued I downloaded this utility, However suspecting a virus or trojan of some kind, I ran this utility through 37 Anti-Virus Scanners via VirusTotal - Free Online Virus and Malware Scan. Nothing!!. Every scanner on the market gave it a clean-chit including every single heuristic feature these scanners boast.
Being as paranoid as I am, I finally ran this utility through Sandboxie. A few seconds later, Comodo Firewall Pro came up with an alert: The utility was trying to connect to an FTP Server. Instantly I ran Wireshark and sniffed the Username/Password credentials for the FTP Server.
I put these details into Filezilla and in a few seconds I was connect to the server. The server was filled with log files from hundreds of users. The malware had dumped Saved Passwords from IE, Chrome, Firefox etc and uploaded these log files onto the server. After downloading a few of these files for deeper investigation, I deleted every file on the server to ensure that the compromised users would not have their information hi-jacked.
On further investigation of the log files, the virus seemed to be one from mutX.org. I was thoroughly disappointed that a known virus-strain could evade every single Anti-Virus scanner on the market even though it had such obvious heuristic traits such as: dumping information from browsers, msn messenger and uploading it to a rogue ftp server.
This entire episode reminded me about a Podcast I heard last week where Robin Bloor was a guest discussing AVID (Antivirus is Dead). After this particular incident, I couldn't agree more with Robin. If this particular incident had targeted an Organization as opposed to some Security Forums, it could have cause massive damage and probable financial loss to these organizations.
I have always been a fan of Layering Security and in this particular instance layering Avira Antivir, Comodo Firewall Pro, Sandboxie etc together really paid off.