Why didn't Bitdefender Advanced Threat Defense kill the fake Windows Update ransomware?
Also, it didn't kill the MBR locker/killer. Much malware can write to the boot sector, like menz. The low-level disk can be written to so that Windows cannot boot successfully. Why didn't Bitdefender block it?
And I downloaded the fake Windows Update on my PC. Not only Bitdefender Total Security, even Endpoint Security could not block the ransomware. My files were encrypted successfully and cannot be rolled back.
Why not optimize it to deny access to this ransomware, like Kaspersky, whose heuristic engine can kill all variants of this malware?
Comments
2 -
You need to understand that currently there is no product on the market that will provide you with 100% security from all the malicious stuff on the internet. Even with the latest technologies like artificial intelligence, machine learning and behavior blocking, no anti-malware company can guarantee you 100% protection.
I have tested the majority of ransomware against Kaspersky in virtual machines, and Kaspersky failed to detect them; even its behavior blocking and machine learning were not able to stop the encryption of the files.
That being said, can you upload a sample of an encrypted file on the websites stated below to let us know which ransomware has encrypted your file and whether decryption is possible or not.
As for the ransomware sample you downloaded, can you share the VirusTotal link?
Also, please be aware not to deliberately execute an unknown/malicious file on your host PC. If you want to do so, kindly always use a virtual machine so that your host PC does not get affected.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Thanks for the link. Will get it checked by malware researchers.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
So, I got the update from the malware researchers through the bitdefender support team. The sample is now detected by bitdefender.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
I am a user of both Kaspersky and Bitdefender. Since Kaspersky extracted the characteristics of Magniber (the Windows Update ransomware), it can kill almost every new variant of Magniber with its heuristic engine (detection name: HEUR:Trojan-Ransom.Win64.Magni.gen).
As for Bitdefender, it can only detect a single new variant of Magniber long after we users submit the new samples, and there seems to be no effort to extract their common characteristics. As for ATD, it can sometimes identify suspicious behaviours, but the *.msi malware process (Magniber) will not be stopped, and as a result, all of your files are encrypted. Many users like me have contacted Bitdefender support teams regarding this many times. To our disappointment, there seem to be no improvements. Maybe they don't care about their users at all. They simply deal with a single variant (and do not want to extract the common characteristics like Kaspersky does) again and again. What's worse, Magniber is not a rare kind of ransomware, and it's popular in some countries.
If you test more Magniber samples against Kaspersky and Bitdefender, I think you can draw a similar conclusion. This is a sample of Magniber; maybe you can have a test.
[LINK TO MALWARE SAMPLE REMOVED]
1 -
Hi @DengZhihao and welcome to our Community. Thanks for sharing this, I'll pass this to the labs team right now.
Cheers,
Mike
Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB
0 -
As checked, both samples that were shared by you are now detected by bitdefender.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Thanks for your reply! But the problem is that the current solution cannot fundamentally solve the problem, which many other users and I care about most. As said, Bitdefender cannot defend against any new variant of Magniber, while Kaspersky can, by detecting the characteristics of the virus family (using its heuristic engine).
Here are some samples of Magniber that Bitdefender cannot detect:
Sample 1:
VirusTotal - File - 50ae33cbee960a371ef4e068ea88e3c12d50304cc9a803dd20df1de5ad2c2952
Kaspersky: HEUR:Trojan-Ransom.Win64.Magni.gen
(In fact, almost all variants of Magniber can be detected by Kaspersky under the detection name HEUR:Trojan-Ransom.Win64.Magni.gen.)
[ATTACHMENT OF MALWARE SAMPLE REMOVED]
Sample 2:
[LINK TO MALWARE SAMPLE REMOVED]
Sample 3:
[LINK TO MALWARE SAMPLE REMOVED]
When will there be any improvements for detecting this kind of ransomware?
Regards
0 -
Thanks for providing the samples. You need to understand, not every anti-malware product can detect each and every type of malware. I have a collection of ransomware samples which Kaspersky fails to detect. That being said, the samples that you have provided will be shared with malware researchers.
If in the future you come across any samples undetected by Bitdefender, you can directly share the samples with our malware research team by filling in the form stated below:
https://www.bitdefender.com/consumer/support/answer/29358/
If you need additional information on your query, you can drop an email to bitdefender support at bitsy@bitdefender.com and ask them to get some information directly from the malware researchers.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
2 -
So, @DengZhihao, the anti-malware team is working on a detection which should be activated during the next couple of weeks. Thanks again for sharing this in our community.
cheers,
Mike
Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB
0 -
Hello,
Just following up on this topic. I hereby confirm that full detection for any new variant of Magniber has been officially added in the product on the 14th of June.
Special thanks to @DengZhihao for your valuable contribution and feedback!
Best regards
Premium Security & Bitdefender Endpoint Security Tools user
0 -
Hello @Mike_BD @Alexandru_BD, thank you for sharing this information with us. It is good news.
But unluckily, the new Magniber variants have broken through the universal detection. And now Bitdefender still can't detect new variants.
As far as I know, Kaspersky and ESET NOD32 have added many kinds of universal detection for Magniber, and they have been able to detect most variants; it is difficult to break through their detection.
These are VirusTotal URLs for new Magniber variants. Bitdefender couldn't detect them at first, and then Trojan.GenericKD was added through submission, but I suspect it is still hash detection.
And how can I inform you if new variants appear? After the normal submission process, you may add hash detection instead of universal detection.
Thank you for your help.
Best regards.
wwwab
0 -
New Magniber variants are aggressive and have again stumped many antivirus software providers. Nevertheless, I hope that Bitdefender can optimize the active defense model at the same time, instead of the scan missing it and being unable to actively defend against this virus, which would benefit Bitdefender's ability to detect and kill viruses. Hopefully, after the virus runs successfully, Bitdefender can detect and deal with the file before it is encrypted, rather than being unresponsive, not to mention the scan missing it.
0 -
As checked, all samples whose VirusTotal links were shared, except one, are detected by Bitdefender. The undetected sample has been shared with malware researchers.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
There are probably hundreds of Magniber samples being created every day. Without improving Advanced Threat Defense and Ransomware Remediation, both of which fail against Magniber ransomware every time, nothing is going to change. How is Bitdefender incapable of adding a unique signature for Magniber after months, when ESET and Kaspersky were able to do it within a single day after it reappeared?
1 -
Well, that kind of question should be addressed directly to Bitdefender staff.
@Alexandru_BD, @Mike_BD and @camarie Please check on this. Thanks.
1 -
Hi,
There is another new variant of Magniber which bypassed Bitdefender's scanner engine and ATD.
MD5: 1994a7bbf2a170e414526b01de8fe870
Magniber ransomware is consistently evolving, and so should Bitdefender.
0 -
If you need additional information on your query, you can drop an email to bitdefender support at bitsy@bitdefender.com and ask them to get some information directly from the malware researchers.
Also, kindly refrain from sharing direct links to download malware samples in the forum. You are only allowed to share VirusTotal links or the hashes of the files.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Hi @mrmirakhur, thank you for your reply.
But what I mean is, when will Bitdefender do generic scan detections and active defenses as soon as the virus runs? The current situation is that it is all Trojan.GenericKD detection, which I suspect is hash detection, and Bitdefender will not respond at all to Magniber as soon as the virus runs. This is a really serious problem.
But it's good to hear from Bitdefender tech support that generic scan detections are being reworked.
I hope that Bitdefender's active defenses at the moment the virus runs can play their due role as soon as possible.
Thanks.
Best regards.
wwwab
0 -
Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB
2 -
Below is the response from the malware researchers via the Bitdefender support team.
I had also informed support team to share this particular community link with the malware researchers.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
3 -
That is correct @mrmirakhur . A quick update from the AM team - a new detection update was rolled out on June 28th at 22:32 hrs EE time. Effect: many samples should now be detected.
Also, the team is working to push a more aggressive detection on these kinds of samples.
Mike
Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB
4 -
Hashes shared with malware researchers.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Hello, these are new samples of Magniber (perhaps already submitted by other users, but I'd like to post them here to help roughly record the evolution of Magniber, which may help with analysis). This kind of ransomware now updates extremely quickly to bypass anti-virus products. What's worse, it's said that this kind of ransomware is now created automatically and is distributed only once (different users will be infected with different variants), which makes it extremely hard to detect the ransomware by scanning. Because of this, improvements to ATD and ransomware remediation may be necessary and crucial. The major malicious behaviors of Magniber are stable and rarely change (e.g. direct syscalls; started by msiexec.exe; remote thread injection into normal processes like svchost.exe).
SHA-256 hashes are:
1: 2ee1e2a8cb2e6713b0bc53a9d722126d7289882a5a75aaef91ae69a43c5bbed2
2: f46c9756c89315ee524c15974b03750d9c645ea4c0562a5ded0947ab93d2e567
4: 2db8eab29f3b9c22e099195c496add0eb94a04181c95746e0703fee9150c656c
5: 58dc26eed12d85e534d4888d8e73b23998c076d52f52303f869efde9c9d4b6e1
2 -
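To illustrate the point raised in this post and in wwwab's earlier comment (per-victim builds defeat hash detection, while the msiexec.exe launch and remote-thread-into-svchost.exe chain stays stable), here is an added example that is not Bitdefender's code nor any poster's: a hash blocklist and a behaviour rule run side by side over constructed Sysmon-style events. The pids, hashes and event layout are constructed assumptions, not real Magniber indicators.

```python
"""Hash blocklist vs behaviour rule over constructed Sysmon-style telemetry.

Added example (not vendor code). Event shapes loosely follow Sysmon Event ID 1
(ProcessCreate) and Event ID 8 (CreateRemoteThread); all values are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str               # "ProcessCreate" or "CreateRemoteThread"
    pid: int                # source process id
    image: str              # source process image name
    parent_image: str = ""  # ProcessCreate only
    file_sha256: str = ""   # ProcessCreate only; for msiexec.exe, the .msi on its
                            # command line (constructed value)
    target: str = ""        # CreateRemoteThread only: target image name


# The single payload hash that was submitted and blocklisted afterwards (constructed).
KNOWN_BAD_HASHES = {"a1" * 32}


def hash_detection(events):
    """Hash-based scanning: flags only files whose hash is already blocklisted."""
    return {e.pid for e in events
            if e.kind == "ProcessCreate" and e.file_sha256 in KNOWN_BAD_HASHES}


def behavior_detection(events):
    """Behaviour rule for the chain the post describes: a process that is
    msiexec.exe, or was started by msiexec.exe, creating a remote thread inside
    svchost.exe. No file hash is consulted, so a fresh build is caught too."""
    from_msiexec = {e.pid for e in events if e.kind == "ProcessCreate"
                    and "msiexec.exe" in (e.image, e.parent_image)}
    return {e.pid for e in events if e.kind == "CreateRemoteThread"
            and e.target == "svchost.exe" and e.pid in from_msiexec}


# Constructed telemetry: pid 100 runs the submitted variant, pid 200 a fresh build
# with a new hash, pid 300 a benign msiexec child that injects nothing, pid 400 an
# unrelated process whose remote thread is outside this rule's scope.
SAMPLE_EVENTS = [
    Event("ProcessCreate", 100, "msiexec.exe", "explorer.exe", "a1" * 32),
    Event("CreateRemoteThread", 100, "msiexec.exe", target="svchost.exe"),
    Event("ProcessCreate", 200, "msiexec.exe", "explorer.exe", "b2" * 32),
    Event("CreateRemoteThread", 200, "msiexec.exe", target="svchost.exe"),
    Event("ProcessCreate", 300, "setup_helper.exe", "msiexec.exe", "c3" * 32),
    Event("ProcessCreate", 400, "debugger.exe", "explorer.exe", "d4" * 32),
    Event("CreateRemoteThread", 400, "debugger.exe", target="svchost.exe"),
]

if __name__ == "__main__":
    print("hash rule flags pids:", sorted(hash_detection(SAMPLE_EVENTS)))
    print("behaviour rule flags pids:", sorted(behavior_detection(SAMPLE_EVENTS)))
```

The hash rule only ever sees the variant that was already submitted; the behaviour rule flags both builds and ignores the benign msiexec child.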