Wednesday, April 5, 2017

ClamAV False Positive On Java Malware Signature

A couple of days back, a lot of Linux utilities were detected as Java malware by ClamAV (the open source antivirus).
https://lists.gt.net/clamav/virusdb/69325
Antivirus vendors release signatures only after testing the definitions against a huge collection of clean files. ClamAV missed that this time: the update detected many clean files as a Java malware agent. In that signature list we can see that 100+ new Java.Malware.Agent signatures were created, and several of them trigger on clean files (files that have stayed clean on VirusTotal for around three years).


The VirusTotal snapshots below show how long each file has been in the system; only ClamAV detects them as malware, so this is a false positive.
The following signatures are creating false positives:
Java.Malware.Agent-6202827-0
Java.Malware.Agent-6203297-0
Java.Malware.Agent-6205980-0
Java.Malware.Agent-6205983-0
Java.Malware.Agent-6206104-0
Java.Malware.Agent-6206112-0
Signatures and the corresponding clean files on VirusTotal. All of these files have been on VirusTotal for 2-3 years or more.
Java.Malware.Agent-6202827-0 :
https://www.virustotal.com/en/file/b65161dd5d4020ba0875db66ceef0a2a362ae0225ceeccd29231d7f8132fa3d7/analysis/1491456748/
https://www.virustotal.com/en/file/014ae05271910db8ba64f07e2175989c500cc46ace868965e1ab5bc30e90ab91/analysis/1491456884/
https://www.virustotal.com/en/file/8c190264bdf591ff9f1268dc0ad940a2726f9e958e367716a09b8aaa7e74a755/analysis/1491456884/
https://www.virustotal.com/en/file/8df3d56ffd4f3cf6fd13414bc46accd6919f13e008bec04b7e435da0b0183bee/analysis/1491456898/
Java.Malware.Agent-6203297-0 :
https://www.virustotal.com/en/file/99b83f5f94e57059ecfda0a4823bdf56d6472adae3a2a5c95d9b7f23893a63bd/analysis/1491456962/
https://www.virustotal.com/en/file/dd9e79b759f813269ff15f849c9ebb1999bd7bc988e2b399f7581089fd368acb/analysis/1491456967/
Java.Malware.Agent-6205980-0 :
https://www.virustotal.com/en/file/703944b922d5351aad53b842f7dd38439b7213425f13c6c7f034b8b699b7d578/analysis/1491457053/
https://www.virustotal.com/en/file/b348cc3e0d098ab6d1200956500a0c68d304f40c19c6d4f0c67b2ee26cea00b0/analysis/1491457164/
https://www.virustotal.com/en/file/00be06d4bf98f4094998ec695d604dd258690a5f34a1a4c0dd32e40c54b3c204/analysis/1491457169/
Java.Malware.Agent-6205983-0 :
https://www.virustotal.com/en/file/bb37146a67d067069754c775b9c9f03b52da953261981738de963057023cda3a/analysis/1491457217/
https://www.virustotal.com/en/file/aba7980581027ad5fc74a27ee4d64aad74932fdb32694967242d03fc50290d1f/analysis/1491457223/
https://www.virustotal.com/en/file/c1e1d54f37b270d2391a0a8b104ab7340dcd39f9382078b5b1640528a06fcaf9/analysis/1491457228/
https://www.virustotal.com/en/file/6e3e9c949ab4695a204f74038717aa7b2689b1be94875899ac1b3fe42800ff82/analysis/1491457236/
https://www.virustotal.com/en/file/3a8dc4a12ab9f3607a1a2097bbab0150c947ad6719d8f1bb6d5b47d0fb0c4779/analysis/1491457251/
Java.Malware.Agent-6206104-0 :
https://www.virustotal.com/en/file/f550705b85d00ebbe2758de03a67d737a46c04c3e410c31f36909e4e63974334/analysis/
https://www.virustotal.com/en/file/f30cd6e5e0c872eb1cede65b15b4f0fd1f7a76cb953bded74765241e35caf96b/analysis/
https://www.virustotal.com/en/file/9a9b60e685385225f08e662cb9f60d96610b0987f0f47bbf3f0c92df8a897d00/analysis/
https://www.virustotal.com/en/file/7d4b4878bb5a9f4086f0c587aa9e21cf2f3e665e5d80f852f969b76f1346de41/analysis/
https://www.virustotal.com/en/file/637f5fb07d9b03957bc5f1a57b77a8202ba0a44f52a0d2c30e5d59b65e89ce48/analysis/
Java.Malware.Agent-6206112-0 :
https://www.virustotal.com/en/file/f550705b85d00ebbe2758de03a67d737a46c04c3e410c31f36909e4e63974334/analysis/1491460596/
https://www.virustotal.com/en/file/f30cd6e5e0c872eb1cede65b15b4f0fd1f7a76cb953bded74765241e35caf96b/analysis/1491460609/
https://www.virustotal.com/en/file/9a9b60e685385225f08e662cb9f60d96610b0987f0f47bbf3f0c92df8a897d00/analysis/1491460631/
https://www.virustotal.com/en/file/637f5fb07d9b03957bc5f1a57b77a8202ba0a44f52a0d2c30e5d59b65e89ce48/analysis/1491460647/
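When a signature update like this one lands, the practical job is to separate the hits that match the known false-positive signatures from hits that still need analysis, and to silence the bad signatures locally until the official database is corrected. The script below is an added example for this post, not code from ClamAV or from the post's author. It assumes clamscan's default "path: SIGNAME FOUND" output, the ClamAV .ign2 whitelist format (one signature name per line, e.g. /var/lib/clamav/local.ign2), and the constructed sample scan output embedded in it; the paths and the non-Java signature name in that sample are placeholders, and nothing here touches the network.

```python
#!/usr/bin/env python3
"""Triage clamscan hits against signatures known to be false positives.

Added example for this post, not code from ClamAV or from the post's
author. Assumptions: clamscan's default "path: SIGNAME FOUND" output
format, the ClamAV .ign2 whitelist format (one signature name per line,
e.g. /var/lib/clamav/local.ign2), and the constructed sample scan output
below. Nothing here touches the network or a real database directory.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# The six signatures the post identifies as false positives.
FALSE_POSITIVE_SIGS = frozenset({
    "Java.Malware.Agent-6202827-0",
    "Java.Malware.Agent-6203297-0",
    "Java.Malware.Agent-6205980-0",
    "Java.Malware.Agent-6205983-0",
    "Java.Malware.Agent-6206104-0",
    "Java.Malware.Agent-6206112-0",
})

# Constructed sample of `clamscan -r` output (not a real scan; the paths
# and the non-Java signature name are placeholders).
SAMPLE_CLAMSCAN_OUTPUT = """\
/usr/share/java/commons-lang.jar: Java.Malware.Agent-6202827-0 FOUND
/usr/share/java/xml-apis.jar: Java.Malware.Agent-6206112-0 FOUND
/usr/share/java/junit.jar: OK
/tmp/unknown.jar: Example.Placeholder.Sig-0 FOUND
/usr/lib/jvm/jre/lib/rt.jar: OK
"""

# clamscan prints one line per file; only "<path>: <signature> FOUND" matters.
HIT_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")


def parse_clamscan(output: str) -> Dict[str, str]:
    """Map each flagged path to the signature name that fired on it."""
    hits: Dict[str, str] = {}
    for line in output.splitlines():
        m = HIT_RE.match(line.rstrip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits


def triage(hits: Dict[str, str],
           fp_sigs: Iterable[str] = FALSE_POSITIVE_SIGS
           ) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split hits into (suspected false positives, hits still to analyse)."""
    fp_set = set(fp_sigs)
    suspected_fp = {p: s for p, s in hits.items() if s in fp_set}
    to_analyse = {p: s for p, s in hits.items() if s not in fp_set}
    return suspected_fp, to_analyse


def ign2_lines(sigs: Iterable[str]) -> List[str]:
    """Content for a local .ign2 whitelist: one signature name per line.

    Whitelisting is by signature name, so it silences the signature for
    every file, not just the ones checked here. Keep the list to confirmed
    false positives and delete the entries once the official database
    drops the bad signatures.
    """
    return sorted(set(sigs))


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest, the hash VirusTotal reports are keyed on."""
    return hashlib.sha256(data).hexdigest()


def vt_report_url(sha256_hex: str) -> str:
    """Build the VirusTotal report URL in the form the post links to."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256_hex):
        raise ValueError("expected a lowercase hex SHA-256")
    return f"https://www.virustotal.com/en/file/{sha256_hex}/analysis/"


if __name__ == "__main__":
    hits = parse_clamscan(SAMPLE_CLAMSCAN_OUTPUT)
    suspected_fp, to_analyse = triage(hits)
    print("Suspected false positives:")
    for path, sig in suspected_fp.items():
        print(f"  {path}  [{sig}]")
    print("Still to analyse (hash the file and check it on VirusTotal):")
    for path, sig in to_analyse.items():
        print(f"  {path}  [{sig}]")
    print("local.ign2 content:")
    print("\n".join(ign2_lines(suspected_fp.values())))
```

Hits on signatures outside the known list are left for normal analysis: hash the file with sha256_of_bytes on its contents and look it up with vt_report_url, exactly as the links above were produced. Report the confirmed false positives to ClamAV's false-positive report form as well, so the fix lands in the official database and the local whitelist can be removed again.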



Post created by
newWorld


