Because of the false packer detection issue my verdict is either an FP or, at minimum, a PUP detection,
or this could be useful as an indicator for SEO SPAM detection/IDS on sites (enhancing Sucuri’s detection rate for instance).
Good job tracing it,
Yes, this is exactly this one. Could be a PUP actually…
I’m gonna let you know the different vendors’ verdicts in a few hours if I get at least the DrWeb one. It has also been reported to Xandora, and is currently under processing.
Good action, my friend. Also contact Sucuri to see if they consider this as Blackhat SEO Spam malware?
Daniel Cid and his friends could almost be seen as the “inventors” of such detections ;D
now 7/49
Kaspersky’s backend (KSN) classified it as malware; in a few hours, it’s gonna rename it with an appropriate malware name.
McAfee’s Artemis system also identified it.
TrendMicro and Baidu.
I’d like to add that even though we don’t see any detection from Comodo, it’s now actively detected by the backend as malware
if you’d like to check, go to http://file-intelligence.comodo.com/search-sha1.php and search for SHA-1 fad151dedf9d847a46772a0cd2c239735d38a633
I have not done so yet… But have you already tested avast! with Hardened Mode set to aggressive against unknown pieces of malware?
I’d be interested to see how it does…
Regarding Emsisoft, excellent products as well as one of the best support teams I have ever seen.
I’ve never used F-Secure so far, thus can’t give any comments about it.
Hardened mode is good but gives false positives; exe files from TuneUp Utilities and installers got blocked for me.
Hardened mode blocks almost every single unknown file. I have 13 here on my desktop. Already submitted.
Emsisoft is great, I can tell; they have high RAM usage (about 100-150 MB in a VM for me), but not really that much slowdown.
Also they have a great firewall and behavior blocker.
F-Secure is also good, but it blocks some legit applications.