avast Network Shield is really amazing...

Malware here not flagged see: http://wepawet.iseclab.org/view.php?hash=cb9576ab5d4b937aad1776a07dabddb7&t=1302995344&type=js
http://vscan.urlvoid.com/file/5388f60d7695cb57b87c799ee62d20b2/aW5kZXg=/
Not detected as shown by 0/40 (0.0%) Trojan.Win32.Refroso.dhxg
But the avast Network Shield blocks it as URL:Mal
45 bytes of it detected…
Glad to have this avast protection aboard,

polonus

You’re always surprising me… How do you find this kind of malware? ;D
Thanks avast. It’s not common to see Network Shield in action :slight_smile:

How can you say something like that, Tech? :cry:
avast! NS is the most useful module.

Of all the Avast modules the Web Shield and Network Shield have blocked the most since I’ve been using the program. The File Shield has yet to detect anything.

Hi Dch48,

Totally agree with you there, innovative and protection that really matters, so all issues that are being found up for instance here should be used to make the avast Netshield better still: http://www.ipillion.com/ip/78.26.187.195 with
htxp://78.26.187.195/files/59 there - (Suspicious) - DNAScan - see: http://www.virustotal.com/file-scan/report.html?id=41702742a6267b1cd4945980cf8600e41337abe38ad8d38614a8e94e840e077e-1302917378 (avast does not detect that yet)

Constantly keep an eye out on the sparrow, and there sure are a couple of guys out here on the forums that do that, (like “malware hunters” like Pondus, spg SCOTT, Asyn, etc. etc.)

polonus

Avast features are all unique!

You’ve misunderstood me.
I was saying that other shields detect things first. I have very few detections from Network Shield.
I’m not bashing it. It’s useful and very good of course.

For me, Web Shield and File Shield. Very little dangerous browsing on my side, so maybe Network Shield does not shine for me regarding my personal detections.

Polonus, how do you discover such infected sites?

Tech,

There are many resource sites where they follow up new malware. When reported, the new malware site has been scanned by VT, we have the MD5 hash and for instance we can look here: https://vicheck.ca/md5query.php for a ThreatExpert report. Sometimes the first detection comes from scanning at http://vscan.urlvoid.com/ or at wepawet. If we have detection at wepawet, it means in some cases we have an Anubis report; an Anubis report means detection by Ikarus, which goes to mean Emsisoft will add detection. So we start out with detection of a suspicious site or file and then later we get 1, 2 detections etc. until avast has detection. There are other ways to follow up malware sites too; in this case it was a report at http://www.ipillion.com/ip/ - I checked on the malware IP to be followed up at the new malware resource site and stumbled on the latest malware launched from there. You always have to see if the site is still up and active, because online threats can be rather short-lived. If you do it enough, you get some feeling as to what to look for, and what info to combine. First and foremost I look for avast non-detects and report these so they can be added. In most cases looking for the bad malcode URLs can be done without any risk; only be aware where not to click and where not to go, and what evaluation to do (sucuri, unmasked parasites etc. etc.)

polonus

Thanks Polonus. A very good description of your hard work trying to help improve avast detection. Really thanks.

I agree, now that’s really living up to the title of evangelist.