Malware flying under the radar

Discussion in 'Everything Else' started by PeterBJ, Aug 18, 2016.

  1. Aug 18, 2016
    PeterBJ

    PeterBJ Printer Master Platinum Printer Member

    Joined:
    Nov 27, 2010
    Messages:
    3,250
    Likes Received:
    2,420
    Trophy Points:
    293
    Location:
    Copenhagen Denmark
    Printer Model:
    Canon iP5200 + more printers
    I was looking for a service manual for Canon MP810. I found a download of a file named Canon_mp810_service_manual.iso. I have seen malware named Canon service manual .......exe, but not Canon service manual.......iso. Neither AVG Internet Security nor Malwarebytes Antimalware found any threats in the downloaded file. But the downloaded file contained an exe file, seen by using an iso viewer ("Overførsler" = Downloads):

    [Image: Canon SM iso.jpg]

    I wouldn't run the exe file on my main computer or on my laptop. Instead I opened the file on my W10 P4 experimental computer by double clicking it and double clicking it again. I gave permission to run the file and it was an adware installer, for something named SpringFiles. I cancelled the install before any harm was done.

    I wonder why two excellent antimalware programs didn't detect the Potentially Unwanted Program? Will they also fail to detect something in a zip or rar archive?

    Don't download anything with file extensions exe or iso which is claiming to be a service manual. Canon service manuals are normally pdf, but, for instance from electrotanya, zip and rar archives are also found.
     
    websnail likes this.
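
The check the post above did by hand with an ISO viewer, as an added example that is not part of the original thread: list an image's contents without mounting or opening it and flag executable file types. It assumes a plain ISO 9660 primary volume descriptor (Joliet and UDF are not read); the `RISKY` extension list and the sample file names are constructed for illustration.

```python
import io, os, struct

SECTOR = 2048
RISKY = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}  # assumed list

def list_iso(f):
    """Yield (path, size) for each file in an ISO 9660 image, without mounting it."""
    f.seek(16 * SECTOR)                        # primary volume descriptor lives in sector 16
    pvd = f.read(SECTOR)
    if len(pvd) < SECTOR or pvd[:6] != b"\x01CD001":
        raise ValueError("no ISO 9660 primary volume descriptor")
    stack, seen = [("", *struct.unpack_from("<I4xI", pvd, 158))], set()  # root dir record
    while stack:
        prefix, lba, length = stack.pop()
        if lba in seen:                        # guard against looping directory entries
            continue
        seen.add(lba)
        f.seek(lba * SECTOR)
        data, pos = f.read(length), 0
        while pos + 34 <= len(data):
            rec_len = data[pos]
            if rec_len < 34:                   # 0 = sector padding; 1..33 = corrupt record
                pos = (pos // SECTOR + 1) * SECTOR
                continue
            rec, pos = data[pos:pos + rec_len], pos + rec_len
            ext_lba, size = struct.unpack_from("<I4xI", rec, 2)
            name = rec[33:33 + rec[32]]
            if name in (b"\x00", b"\x01"):     # "." and ".." entries
                continue
            path = prefix + "/" + name.decode("ascii", "replace").split(";")[0]
            if rec[25] & 2:                    # flag bit 1 marks a directory
                stack.append((path, ext_lba, size))
            else:
                yield path, size

def risky_files(f):  # files whose extension means "runs when double-clicked"
    return [(p, s) for p, s in list_iso(f) if os.path.splitext(p)[1].lower() in RISKY]

def _rec(name, lba, size, flags=0):  # build one directory record (sample data only)
    both = lambda n: struct.pack("<I", n) + struct.pack(">I", n)
    body = (b"\0" + both(lba) + both(size) + bytes(7)
            + bytes([flags, 0, 0, 1, 0, 0, 1, len(name)]) + name)
    body += bytes((len(body) + 1) % 2)         # records are padded to even length
    return bytes([len(body) + 1]) + body

def sample_iso():  # constructed, directory-only image with two made-up file names
    dot = _rec(b"\x00", 18, SECTOR, 2)
    root = (dot + _rec(b"\x01", 18, SECTOR, 2)
            + _rec(b"SETUP.EXE;1", 19, 5) + _rec(b"README.TXT;1", 20, 3))
    pvd = b"\x01CD001".ljust(156, b"\0") + dot
    return io.BytesIO(bytes(16 * SECTOR) + pvd.ljust(2 * SECTOR, b"\0") + root.ljust(SECTOR, b"\0"))
```

On a real download, pass `open(path, "rb")` to `risky_files`; any hit in something offered as a manual is reason enough to stop, whatever the scanners report.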
  2. Aug 18, 2016
    The Hat

    The Hat Printer VIP Moderator

    Joined:
    Jan 18, 2010
    Messages:
    8,570
    Likes Received:
    3,218
    Trophy Points:
    363
    Location:
    Wicklow Ireland
    Printer Model:
    Canon Rule in My House
    @PeterBJ, interesting find, I use Norton security, so could you Email me that same infected file, just as a test to see if at least Norton can detect it, I promise I won’t try to run it...:D
     
  3. Aug 18, 2016
    The Hat

    @PeterBJ, a very interesting find, I use Norton security, so could you Email me that same infected file, just as a test to see if at least Norton can detect it, I promise I won’t try to run it... :D
     
  4. Aug 18, 2016
    ThrillaMozilla

    ThrillaMozilla Printer Master

    Joined:
    Jan 18, 2011
    Messages:
    1,150
    Likes Received:
    310
    Trophy Points:
    213
    You should submit it to the anti-malware companies.
     
  5. Aug 18, 2016
    stratman

    stratman Printer VIP Platinum Printer Member

    Joined:
    Apr 19, 2007
    Messages:
    3,868
    Likes Received:
    2,155
    Trophy Points:
    333
    Location:
    USA
    Printer Model:
    Canon MP830, Pencil
    @PeterBJ -- No need to email the file around. Test the file with the free internet scanner VirusTotal. It uses several dozen different scanning programs to scan the file. Then you can post the results.
     
    The Hat and PeterBJ like this.
  6. Aug 18, 2016
    PeterBJ

    I had deleted the file, but I found it again and submitted it to VirusTotal for scanning. 13 of 55 security scanners found something wrong, but AVG, Malwarebytes Antimalware and Symantec gave it a clean bill of health. Here is the link to the VirusTotal test.

    AFAIK knowingly distributing malware is an offense, so I wouldn't like to send this to somebody per Email. Do you really still want it @The Hat ?

    I wonder if sending the malware in an iso file is the latest way of stealth for malware?

    I will try to unpack the file and send the exe file for test at Virustotal to see if this gives more detections. But that will be done with the experimental P4 computer. I will not unpack the file on my main computer or my laptop.
     
    Last edited: Aug 18, 2016
    stratman and The Hat like this.
  7. Aug 18, 2016
    The Hat

    Yes please..:)
     
  8. Aug 18, 2016
    stratman

    Thanks PeterBJ.

    Interesting that one of the big boys ESET-NOD32 also did not detect. This leads me to think that this is not a true infection but adware included with the manual in the ISO.

    I have run across this bundling before inside an ISO. Eternal vigilance for these hidden things is your best friend.
     
    PeterBJ likes this.
  9. Aug 18, 2016
    PeterBJ

    @The Hat I have sent the file as requested. Please report if Norton detects anything wrong.
     
  10. Aug 18, 2016
    PeterBJ

    @stratman The suspect iso file is around 5.5 MB, the real Canon MP810 service manual is around 13.5 MB pdf. So I think opening and running the installer in the iso file will give me adware, but sadly no manual.

    Yes it is said the most important malware filter is between your ears!
     
    stratman likes this.
