Oh crap... PB ransomware
Re: Oh crap... PB ransomware
https://ibb.co/Bc40cTw
May be of interest to some here ( no, none of these are source for the malware, I wouldn't post that. )
advanced-threat-research/Yara-Rules has detection signature,
posted by someone purportedly from McAfee team
https://ibb.co/s527x6H
Re: Oh crap... PB ransomware
disable SmartScreen and real-time AV on Windows... done
If you're still reliant on signatures over HIPS and HIDS and sandboxing all it'll take is an obfuscator or stolen Authenticode key or exploit to load on your endpoints with a fully up to date AV anyway..
Also... It takes like 30 minutes to write an HTTP controlled file encryption (ransomware) in PB... Book-burning-hysteria isn't going to stop even someone who just started programming from making malware.. Should we remove the assembly section since it teaches people to reverse engineer and crack software?
The truth hurts.
Re: Oh crap... PB ransomware
And now, it looks like the publicity had gotten us a whole new set of spammers. Oh, joy.
Re: Oh crap... PB ransomware
Tenaja wrote: And now, it looks like the publicity had gotten us a whole new set of spammers. Oh, joy.
I only see the usual amount of spammers (which is bad enough) but since no one cares to push the forum into the next century nothing will change.
Don't get me wrong - I'm mad because I love PB and I really don't like to see the forum in such a run down state.
Re: Oh crap... PB ransomware
Bad publicity is also publicity.
Real developers know that it is not the language that makes the virus but the user.
Enterprise users will surrender against that PB it is not a toy for beginners and that these possibilities are great.
On the contrary, sales may increase.
Antivirus vendors may start to study PB's operation closely instead of systematically quarantining all programs generated by it.
If they themselves create test programs with PB (even with demo version, a simple MessageRequester) and see that their antivirus puts it in quarantine they will realize that their scanning algorithms need to be reviewed...
Re: Oh crap... PB ransomware
@Marc56us: I agree.
What would be bad, is, if many news sites would write that the programs created with the programming language "PureBasic" could contain some security vulnerabilities, because the native libraries are partly very outdated (very old RegEx-Lib).
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
Re: Oh crap... PB ransomware
Sicro wrote: @Marc56us: I agree. What would be bad, is, if many news sites would write that the programs created with the programming language "PureBasic" could contain some security vulnerabilities, because the native libraries are partly very outdated (very old RegEx-Lib).
PHP gets such headlines by influential security people daily.. It's the default CGI option on most of the world's web hosting and what most CMS are written in..
EU and American agencies like the IRS use socketed Java around their data management(don't look too deep on official&signed EU smartcard browser plugins)... lol
I've seen ransomware written in native GoLang and it's basically hack proof...
This thread gives a lot of wrong impressions about AV companies and signatures and modern endpoint security... Any up to date *known* AV solution isn't going to have detection rules for compiler stubs, and will likely only use IAT and entropy stats for heuristics..
The truth hurts.
Re: Oh crap... PB ransomware
Sicro wrote: @Marc56us: I agree. What would be bad, is, if many news sites would write that the programs created with the programming language "PureBasic" could contain some security vulnerabilities, because the native libraries are partly very outdated (very old RegEx-Lib).
So, do I understand correctly -> this old, security risk version is still used in PureBasic?
And this is not a problem???
Re: Oh crap... PB ransomware
tj1010 wrote: PHP gets such headlines by influential security people daily
I don't follow the development of PHP, but I suspect that the security issues there are fixed faster — or does it take there also more than 7 years?
I doubt that the security issues with PHP exist because very outdated third-party libraries are shipped by the PHP installer. I think they always include up-to-date versions of third-party libs — at least with every release of the PHP installer.
tj1010 wrote: EU and American agencies like the IRS use socketed Java around their data management(don't look too deep on official&signed EU smartcard browser plugins)... lol
Yes, many companies avoid extensive security vulnerability testing in order to save costs or whatever ...
It is wrong and every company will atone for it sooner or later. As we can see it again and again.
HanPBF wrote: So, do I understand correctly -> this old, security risk version is still used in PureBasic?
Yes.
HanPBF wrote: And this is not a problem???
In the sentence you quoted from me, I wrote that it is a problem.
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
Re: Oh crap... PB ransomware
@Sicro
Of course, my sentence was irony...desperate irony.
Long: I did get rid of PureBasic from my office PC completely. Everything about the business model and hobbyist/professional kind of environment was very often said. I will check this forum again in 2022.
Short: game over.
Re: Oh crap... PB ransomware
HanPBF - So much wrong with your post.
Defeatist, gloom and doom, baseless, and finally, contradictory. See you in 2022, we'll be here.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: Oh crap... PB ransomware
Sicro wrote:
    HanPBF wrote: So, do I understand correctly -> this old, security risk version is still used in PureBasic?
    Yes.
    HanPBF wrote: And this is not a problem???
    In the sentence you quoted from me, I wrote that it is a problem.
HanPBF wrote: @Sicro Of course, my sentence was irony...desperate irony.
The problem about the security risk is different from the problem that there is ransomware which was written in PB. And that security risk is discussed in a separate thread.
HanPBF wrote: I will check this forum again in 2022.
skywalk wrote: See you in 2022, we'll be here.
Re: Oh crap... PB ransomware
Thanks skywalk
If I am still alive, I hope I will be here 2022 too
Egypt my love
Re: Oh crap... PB ransomware
Haha, me too! And if not, I will haunt you all
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
- Fangbeast
Re: Oh crap... PB ransomware
And I'll show all you silly buggers my desiccated fangs of doom:):)
Amateur Radio, D-STAR/VK3HAF