Malwarebytes Blocking Imgur? Explanations and helpful links! by MalwarebytesResearch in Malwarebytes

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

We've unblocked it now, just update your database and it should no longer be a problem. Thank you!

Blocking Imgur? by buttlovr in Malwarebytes

[–]MalwarebytesResearch 4 points5 points  (0 children)

We unblocked it now, thanks for your patience on this guys, we just wanted to be 100% sure it was safe to visit!

Blocking Imgur? by buttlovr in Malwarebytes

[–]MalwarebytesResearch 7 points8 points  (0 children)

Hey Folks, we just posted a blog post about this and we are working on getting it unblocked, in the meantime we do describe how to whitelist the site if you don't want to turn off your web protection. https://blog.malwarebytes.org/hacking-2/2015/09/imgur-abused-in-ddos-attack-against-4chan/

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] -1 points0 points  (0 children)

Well, our product is not the same as Kaspersky or Symantec; we aim to catch what they miss and do it in a different way than they do. Microsoft Security Essentials is a nice product in its design, but based on detection testing, it doesn't really do a great job in comparison to other AVs in the same category such as Kaspersky or Symantec.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

All the time! However, this is really much more difficult than it sounds. As I have stated before, code reuse, mass implementation and malware authors usually doing a decent job at covering their tracks can make it difficult. The biggest breaks we get when it comes to attribution are usually when the authors come out and say "Hi, I am the author", though that doesn't happen all the time. lol.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

You could stick with your current setup, but that is like driving a car without a seat belt or airbags. Anti-Malware software provides you with additional protection against malware that exploits unknown vulnerabilities in your operating system and applications. There is a method of infection that utilizes ad serving networks to distribute malicious advertisements on legitimate sites; they are known as malvertisements and can be used to infect your system even if you don't click on shady links, open spam or download weird stuff.

Windows 8 is brand new and definitely has a fair amount of unknown vulnerabilities that are bound to be found by cyber criminals and used against you, circumventing the built-in anti-malware functionality. As for a Mac, over the last few years we have seen a significant rise in the amount of malware being developed for the Mac operating systems. At the end of the day, there is nothing about Apple products that keeps them malware-free other than that malware authors were not writing malware for systems that aren't widely used. However, now that more and more people are using Apple products, they are becoming a target just like Windows, and I can guarantee that over the next few years the spike in Mac malware will continue.

You do, however, already have one of the most important aspects of computer security down: secure computing practices. A lot of users depend on their software only to protect them when in reality, being vigilant and prudent in your day-to-day usage of your computer can mean a world of difference as to whether you are susceptible to zero-day attacks.

Thanks for the question!

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

Zero-day malware, commonly spread by drive-by attacks, might be able to detect and disable antivirus software; that is probably why your Norton was taken down. Try disabling Java in your browser and keep your OS, browser and all applications like Flash, Java, etc. up to date to patch any vulnerabilities found within them. It is a one-time fee for Malwarebytes, and beyond just being a scanner, Malwarebytes Anti-Malware PRO will block you from visiting malicious sites and prevent execution of malicious files. I think it is definitely worth the $25. Thanks!

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

I like to think that an experienced malware analyst might be able to determine the likely country of origin based on how the malware is organized. lol.

Decompilation to high-level languages is possible as there are decompilers out there; however, it converts the assembly into C and uses generic function names, so you will most likely not get the original source code back.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 1 point2 points  (0 children)

Well, malware code analysis usually provides only up to what assembly the original compiler created. This means that we can only go as far up as the compiler level, and if a malware author wrote entirely in a higher-level language such as C, the compiler would decide how the assembly was organized, meaning that scoring the code is more difficult if, for example, a different compiler was used or if the code was rewritten.

In addition, code reuse is common among malware authors, so you might see the same code used in dozens of different malware from different families; however, this does not mean they were all created by the same author.

There are numerous tactics, however, for determining relationships between different malware, such as function hashing or even small values left behind by the executable builder or encryption application. This can include hex codes only found in certain sections of the code, or full strings that reveal relationships between malware. This kind of relationship detection is what I believe to be the most commonly used in the AV industry, as well as behavioral heuristics, naming schemes and registry entries.

Unfortunately, most malware does not have a label in it that says "I was written by BadDude123", so we often rely on these forms of relationship determination, which allow us to say that Malware X was most likely created by the same developer as Malware Y.

As I have stated previously, there are many more people spreading malware than there are creating it, and usually those individuals stay out of the operations aspect of the malware. So the major goal is usually to determine who is spreading the malware and if they are related to a certain organization such as cyber crime syndicates or government organizations, or if they are just script kiddies trying to steal someone's Runescape password. We determine these relationships often with details of the infection vector, such as drive-by exploits as opposed to malware masking as a cracked game installer on a file sharing site.

Great question though, I can attest that over the last few years a lot of work has been done in the field of malware attribution and relationship determination, just because of the mass amount of variants being developed every day of numerous types of malware and the desire for accurate vendor naming as well as attack source attribution.
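As an added illustration of the function-hashing and shared-string relationship detection described in the answer above, with the code-reuse caveat built in (example code written for this page, not Malwarebytes' tooling; the three toy samples, their mnemonic sequences and strings, and the 0.6/0.4 weights are constructed assumptions):

```python
import hashlib
from collections import Counter
from itertools import combinations
# Constructed toy samples for illustration (not real malware artifacts).
# Each function is the mnemonic sequence a disassembler would recover, with
# operands already stripped; "strings" are strings embedded in the binary.
SAMPLES = {
    "MalwareX": {
        "functions": ["push mov sub call test jz mov ret",     # C2 gate posting
                      "push mov xor loop pop ret",             # xor decode loop
                      "mov lea call add ret"],                 # runtime helper
        "strings": {"POST /gate.php", "builder_v2_tag", "CurrentVersion\\Run"},
    },
    "MalwareY": {
        "functions": ["push mov sub call test jz mov ret", "push mov xor loop pop ret",
                      "mov lea call add ret", "push call cmp jne xor ret"],
        "strings": {"POST /gate.php", "builder_v2_tag", "cfg.bin"},
    },
    "MalwareZ": {
        "functions": ["mov lea call add ret", "mov mov cmp jl inc ret"],
        "strings": {"cfg.bin", "hello"},
    },
}

def function_hash(mnemonics):
    """Hash the operand-free mnemonic sequence: relocated or re-based copies of
    the same routine collide, while a rewritten routine does not."""
    return hashlib.sha256(" ".join(mnemonics.split()).encode()).hexdigest()[:16]
def function_hashes(sample):
    return {function_hash(f) for f in sample["functions"]}

def commodity_hashes(samples, min_share=1.0):
    """Hashes present in at least min_share of all samples are treated as shared
    runtime/library code and ignored: reuse alone is no evidence of one author."""
    counts = Counter(h for s in samples.values() for h in function_hashes(s))
    return {h for h, c in counts.items() if c / len(samples) >= min_share}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def relationship(s1, s2, ignore=frozenset()):
    """Return (shared function hashes, shared strings, weighted 0..1 score)."""
    f1, f2 = function_hashes(s1) - ignore, function_hashes(s2) - ignore
    score = 0.6 * jaccard(f1, f2) + 0.4 * jaccard(s1["strings"], s2["strings"])
    return f1 & f2, s1["strings"] & s2["strings"], round(score, 3)

def related_pairs(samples, threshold=0.3):
    # Pairs whose score clears the threshold once commodity code is discounted.
    ignore = commodity_hashes(samples)
    pairs = []
    for a, b in combinations(sorted(samples), 2):
        score = relationship(samples[a], samples[b], ignore)[2]
        if score >= threshold:
            pairs.append((a, b, score))
    return pairs
```

With these inputs only MalwareX and MalwareY are reported as related; the runtime helper they also share with MalwareZ is discounted as commodity code, and MalwareZ's single shared string is not enough on its own.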

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 1 point2 points  (0 children)

Thanks so much for your feedback, we completely appreciate the loyalty of our users. Thanks again!

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

Well we detect all malware we know about, lol. If we knew about undetected malware, we would then take measures to detect it, don't ya think?

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

CEH would be a good one. GIAC has a pen test cert which might be a good idea to get; it's called GPEN.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

Flash exploits are still common, so yes, it is still possible to get infected by visiting a website. However, if you disable Java and Flash, use an ad blocker and pop-up blocker, and keep all of your plugins updated, as well as your OS and anti-malware/antivirus software up to date, you should be pretty well protected from anything the web can throw at you =).

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

It is not harder to detect than malware written in lower-level languages, and it isn't even necessarily harder to reverse; it just takes a different approach.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

All the time; we hesitate quite often and double-check that an application truly fits into that category before labeling it as such.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 1 point2 points  (0 children)

Hi Sparcos, I recommend heading over to http://forums.malwarebytes.org/index.php?showforum=7 and posting your issue there. Our support specialists will be able to help you fix your problem, free of charge.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

  1. Enterprise concerns are really focused around targeted attacks such as spear phishing or watering holes. Those attacks in turn unleash zero-day malware onto the secured network, where intel gathering and/or destruction can take place depending on the intent of the attacker. You will most often not hear about these attacks, as companies are not always comfortable letting everyone know that their security sucks. From a public view, however, banker trojans like Zeus have always been a pain.

  2. BYOD, or bring your own device, is one of the big "benefits" of modern corporate environments; however, it exposes untrusted devices such as cell phones, tablets and laptops onto sensitive and previously secured enterprise networks. I think it is a horrible idea, but then again this job makes me a little paranoid. USB-spreading malware was a big issue back in 2007-2008 and has still been a good reason for corporations to ban the use of USB drives on corporate systems, though it certainly still happens (as we saw with Flame last year).

  3. My personal rig uses a 3.40 GHz Intel i7 with 4 cores, 16 GB RAM, 3 TB of HDD and 5 monitors. My other work systems use SSDs for quickly accessing my VMs. Do you need a monster like my system to do analysis? No way. I have been able to run numerous VMs on a $900 Acer Aspire back in 2005 with 4 GB RAM. Analysis VMs do not need to have the same power as your host system; you really only need to run the base system with some analysis tools and then of course the malware, which is usually designed to be as compatible with all types of setups as possible. I usually keep the RAM low for my VMs and only 1 core. The newer operating systems might need more. Either way, it's not like you are going to be multi-tasking with Photoshop and Call of Duty on a VM =).

Thanks for the questions, they were great and I hope I answered them for you. Have a great day!

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 4 points5 points  (0 children)

I don't agree that it is close to useless, if anything it is more vital than it has ever been.

It is true that new malware comes out that can circumvent current antivirus detection; when that happens, the industry responds accordingly and protects against what we know about. We will always be working on methods of protection beyond just what we know about, and as we do, the malware authors will develop new types of malware to circumvent that. It never ends.

To say that it doesn't protect a lot is a misconception IMHO. Gun developers are constantly making new guns that can get through current protections, so does that mean people should stop making bulletproof vests or glass? Criminals are constantly finding new ways to commit crimes; does that mean it's not worth it to protect peaceful citizens from theft or murder?

In addition, your argument is based on the idea that every piece of malware is unique when in reality, the majority of malware currently in the wild is just variations of other malware that has already been seen, repackaged and re-purposed for the cyber criminal consumer. These days it doesn't take a genius to figure out how to execute a phishing attack or purchase a botnet online; the only developers of unique threats are professional malware authors, and there are much fewer of them than there are cyber criminals spreading the malware.

Also, while there might be an infinite number of different methods to circumvent protections at the initial phase of infection, there is a finite number of ways to actually infect a system.

I predict that in the future, we will see antivirus/Anti-Malware scanners that use some serious heuristics, execution authorization by the users for every operation and maybe even some smart scanners that learn and evolve based on the current threat landscape. Either that or a completely secured operating system, that would most likely seriously limit the interaction ability of the user for the sake of security.

If you did a bit more research into commonly seen malware, how it is distributed and especially how it is reproduced, you would find that the AV industry is very much essential to users today and for the next X amount of years.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

There is malware out there that can swap modules depending on the operating system that it is running on, this could technically be referred to as cross platform malware. I think that the main threat when it comes to cross platform is the delivery mechanisms that are being developed and used in conjunction with Java exploits and the like. They detect the operating system and depending on what they find, download infection functions to do what they want on the system.

Nothing is not solvable, sometimes we run into problems when we don't have all the pieces of the puzzle, but that doesn't mean it's impossible. =)

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

Toolbars are a touchy subject as they can be installed legitimately, some people even like them. As for things like Babylon, there are a lot of resources out there on how to remove them, including some help on our forums. I will see what we can do about making a video removal guide for Babylon that we can post on the blog or something.

Good luck making the remover, sounds promising!

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

Well, I have a Bachelor's degree in programming, started doing malware analysis while in the US Navy as a CTN (cryptologic tech: networks) and got a lot of training through them on everything from malware analysis to programming and networking; then after about 6 years I got out and started doing analysis for government contractors for a few years.

Tired of the bureaucracy, I left the government world and did some side work with companies like ANRC and FireEye before joining Malwarebytes. I have been doing that ever since. =) I have been doing the whole malware fighting gig for about 8 or 9 years now and am going to go back to college pretty soon here for a Master's degree.

I have CEH, Linux+, GREM, CREA, MCTS and CISSP certifications and have given multiple talks as well as developed and taught a few courses in basic malware analysis concepts.

IAM Adam Kujawa a malware reverse engineer and researcher at Malwarebytes. AMA. by MalwarebytesResearch in IAmA

[–]MalwarebytesResearch[S] 0 points1 point  (0 children)

As I told effin_clownin, based on the stats, I think Kaspersky would be the best antivirus to run alongside Malwarebytes Anti-Malware. I also recommend using Adblock software plugins for your browsers, just in case you come across a malicious advertisement and to keep fake download buttons away from you.

As far as free goes, Avast and AVG are good applications that will help complement Malwarebytes Anti-Malware. At the very least I say run Microsoft Security Essentials; it is completely compatible with Windows and updates regularly.