There appears to be a group doing the rounds again, so if you play any game with a Steam Market feature and they offer you a “deal”, ignore them. Don’t trust a link they give you, no matter how legitimate it may seem. (I knew this wasn’t what it seemed like, but they did try to disguise that link.)
** Warning Do NOT follow the link in that text chat from the picture. **
Though, I’ve still yet to find out what exactly it’s done to my Virtual Machine.
Started with generic responses: Evo-gen [susp]. An hour later the threat had been added by a couple more vendors, while others had just changed the detection name from a generic catch-all.
Again, this seems to be a new group, given that the file was first submitted (by me) 13-14 hours ago. It just took a while to post. It dropped an exe file into my temp folder inside the VM, but it doesn’t seem to do anything. Could very well be a zombie infection, DDoS-style.
More or less why I wanted the domain fast-tracked to a black list.
Let your PE analysers know that the file is dropping exes, though I’m sure they will find that out on their own. Can anyone who learns more from them report back on what this is actually doing? I’ve still seen no ill symptoms of a true infection, and the analysis so far is vague to say the least.
Nope, just some keys, that’s just about all the useful info in that.
@TI199: I have to ask, because I’m looking at that U/N right now in your screenshot. You didn’t test downloading these files on your live machine, right? (e.g. the physical box, rather than a virtual environment)
If you did, you should obtain VirtualBox or a similar program. That’s extremely unsafe to do. “Lenovo” is a weird U/N and something I’d expect to see from a store-bought computer that wasn’t factory reset before going out the door.
I do use a VM most of the time to hunt around. I just don’t do it when I know the link is a download and nothing that will auto-execute without my permission. I’ve got some additional stuff installed to keep monitoring what runs.
My system was factory reset after it was released, by the way, but I had to get rid of the bloat.
Ay, fair play. I would still caution against downloading anything that you know (or suspect) is malicious on a live machine. One day it’ll bite you in the arse. Trust me, I’ve had it happen. (Nothing serious, just a USB worm running off a VBS file.) Whether or not you intend to run it, things happen you don’t expect.
Completely agree… I have some software that will alert me if I accidentally execute something, which doesn’t happen to me since I use a VM if I am going to do something with samples.