Oh crap... PB ransomware
https://yro.slashdot.org/story/19/11/12 ... er-servers
To the guys who write these ransomware platforms, who are probably even on this forum somewhere: Could you not use languages like Go instead?
Now Purebasic programs will be flagged by Antivirus even more.
"I have never let my schooling interfere with my education." - Mark Twain
Re: Oh crap... PB ransomware
Wow! Detailed info:
https://www.intezer.com/blog-purelocker ... t-servers/
PureBasic will definitely get more exposure from this, but perhaps not in a good way.
Re: Oh crap... PB ransomware
BarryG wrote:
> Wow! Detailed info:
> https://www.intezer.com/blog-purelocker ... t-servers/
> PureBasic will definitely get more exposure from this, but perhaps not in a good way.
It will get both. ANY language can be used in truly annoying ways. I'm amazed if it hasn't been done before in Purebasic sometime in the past..
In the meantime Purebasic will get a lot more exposure - in a good way.
Current configurations:
Ubuntu 20.04/64 bit - Windows 10 64 bit
Intel 6800K, GeForce Gtx 1060, 32 gb ram.
Amd Ryzen 9 5950X, GeForce 3070, 128 gb ram.
- NicTheQuick
- Addict
- Posts: 1227
- Joined: Sun Jun 22, 2003 7:43 pm
- Location: Germany, Saarbrücken
Re: Oh crap... PB ransomware
intezer.com wrote:
> The ransomware then secure-deletes the original files in order to prevent recovery.
Wasn't there a user recently who wanted to know how to wipe files securely?
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
- StarBootics
- Addict
- Posts: 984
- Joined: Sun Jul 07, 2013 11:35 am
- Location: Canada
Re: Oh crap... PB ransomware
It had to have been used before, since most av's flag so many programs we are writing. I've had to add whitelists to every av I've used.
Re: Oh crap... PB ransomware
That's definitely not good exposure and antivirus will raise the bar against PB exec for sure
Re: Oh crap... PB ransomware
Ugh, I hate this. PureBasic is so awesome and shouldn't be used for criminal purposes.
Re: Oh crap... PB ransomware
There have been a few strange posts in the past about this sort of thing - or at least it sounded a lot like it. Users with 1 or so posts asking questions that just didn't seem right. It's very hard to determine the legitimacy of a user's question, unless they are around for a while. I'm all for all sorts of hacking - black/white/pink/rasta hat... but only out of a proof of concept interest.
Ransomware is a sucky concept - but as far as I know it's pretty hard to be caught with it if you are not downloading and executing everything like a lunatic.
It's not PB's "fault" it is a good dev environment for malware. That just shows it is simply a good dev environment. You can make anything.
Proud supporter of PB! * Musician * C64/6502 Freak
Re: Oh crap... PB ransomware
I don't use AVs and have little idea about signatures, etc...
But why this?:
> AV vendors have trouble generating reliable detection signatures for PureBasic binaries
It would be easier to detect if it was written in plain C using some free compiler?
What makes pb exes different?
Re: Oh crap... PB ransomware
The statement is too nebulous.
There was mention of telemetry APIs compiled into Visual Studio apps. I thought pb would have those also if the compiler is compiled in VS 2013/15.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: Oh crap... PB ransomware
I have banned PureBasic from my developments being always afraid of possible antivirus problems.
Even more, tomorrow I'm gonna have to ban PureBasic completely from my office PC.
That makes me sad...
Also my question: "Is there anything making PB's exes special separate from being very efficient?"
Sometimes I wonder if antivirus detection thinks "a program can not be that small" or something similar...
Re: Oh crap... PB ransomware
Hmmmh...
If I have the source and make it public to the internal users and assume that there is no malware in PureBasic itself, is this a real big problem in an Intranet environment?
Some colleagues often ask me to send them links to file shares so they can click on it and explorer opens immediately.
And I always answer: no, I will not send you clickable links.
Those are the things (from other senders) that are dangerous and not the knife who built the wood carving, correct?
Re: Oh crap... PB ransomware
HanPBF wrote:
> I have banned PureBasic from my developments being always afraid of possible antivirus problems.
> Even more, tomorrow I'm gonna have to ban PureBasic completely from my office PC.
What? Why? PureBasic isn't infected or has malware. An executable compiled with it is. What you're saying is like banning Excel because someone made a bad spreadsheet.
HanPBF wrote:
> Sometimes I wonder if antivirus detection thinks "a program can not be that small"
No, it's not that: I (and others) have tested this before by adding extra bloat to their exes, making them between 10 MB and 150 MB in size. And there's lots of other small exes (under 1 MB) written in other languages that don't get flagged. I have plenty of them on my PC.
One of my apps recently got flagged with 13 "viruses" (in reality: false positives) by VirusTotal. I was using the 32-bit compiler of PureBasic. I compiled the same app with the 64-bit version and only got 2 false positives. Says a lot.
Adding version info to your PureBasic exe can reduce false positives. My example app above didn't have it at first, and had about 4 extra false-positives until I added it.
Don't get too hung up on digitally signing your exes, either: there's another current ransomware (Megacortex) whose exe is digitally signed to a company in Australia. So, signing doesn't provide protection or "prove" that an exe is safe at all.
PureLocker requires admin rights to run, which nobody should really be doing anyway; plus it uses code from other ransomware apps, so it will soon be easy for AV to detect because the other code signatures are well-known.
There's no reason to ditch PureBasic over this.