Re: The story of the security-plagued cyberisland

From: Ish Sookun <ish_at_hacklog.in>
Date: Sun, 28 Jun 2015 20:59:09 +0400

Hi Logan,

On 06/28/2015 08:13 PM, Loganaden Velvindron wrote:
>
> There's a guy who worked on malware analysis who wrote about the
> malware on his blog. I think that it's good to have the opinion of an
> expert who has worked in a Security company, who happens to live in
> Mauritius. I invite you to read it :) :
>

Can you provide the name of the expert, the security company and
references to malware analysis that he has done? Otherwise, you would be
calling me to blindly believe what you are saying.

That is the exact same nature of what I discussed with the person. I do
not say things that I did not see and I do not build conclusions in my
head beforehand.

The Microsoft Security Advisory is nowhere to be found; though I recall
it mentioned browser hijacking or something. I did not find such
behaviors when I tested AskToolbar.exe, as I reported in my article [1].
Now, do I have to write otherwise because I thought the software would
not let me change the homepage, would not uninstall cleanly etc? Sorry
Logan, I cannot write lies. I wrote what I saw.

The blog article you mentioned does not show concrete points except some
excitement over what was found in a behavioral report of VirusTotal.
That report is informational but not in-depth enough for me to draw
conclusions whether or not the particular file is malware. Does every
executable that accesses MS DeviceIOControl behave maliciously? I do not
know why AskToolbar.exe accessed the DeviceIOControl. Do you know? Can
you show something concrete? Can the expert who has analysed malware since
1999 show something?

The second excitement is about autoexec.bat. Right? It looks like none
of you is looking beyond "start-up programs". Some environment variables
are loaded in through that file. I do not know if that is what the program
was looking for. Can you analyze what information it was looking for in
the autoexec.bat?

Again and again the person in various comments showed his excitement
about ask.com being the 10th most visited website. Does my article address
the issue of why ask.com is tenth, or does it cater for tests to verify
whether the ask.com toolbar behaved maliciously?

I mentioned that I tested the *Ask.com toolbar signed in October 2014* and
it did not behave maliciously. The person comes back again asking
whether I am saying it is fine for Ask.com to spy on people.

A more proper way to address the topic would be if the person had tested
some vintage Ask.com toolbar and proved it to behave maliciously. Alas,
he only wasted a blog post. Hopefully, I shall do that in the coming
days :-) I expected security people to have more common sense rather
than acting like excited kids over some new toy.

[1] http://hacklog.in/is-the-ask-com-toolbar-a-malware

Regards,

-- 
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Sun Jun 28 2015 - 16:59:30 PST