CrawlerNG: Trojan Warning

Oshino
Posts: 10
Joined: Tue 18 Aug 2020, 22:16
Has thanked: 4 times
Been thanked: 0

CrawlerNG: Trojan Warning

Post by Oshino »

Hi there,

today I was informed that CrawlerNG is shipped with the Trojan "Win32/Wacatac.DE!ml", which troubles me deeply!

https://www.microsoft.com/en-us/wdsi/th ... 2147757793

Can you explain the warning? I cannot dig into the code myself because of the (earlier discussed) closed source nature of this project.

Thanks for looking into this,
- Oshino
Robin
Administrator
Posts: 1723
Joined: Sun 30 Jun 2013, 18:12
Location: Rheinland-Pfalz
Has thanked: 303 times
Been thanked: 354 times

Re: CrawlerNG: Trojan Warning

Post by Robin »

Hi there, too!
As long as you are sure you downloaded the correct file (zip "CrawlerNG_2020_09_27.zip" with SHA-256 checksum "3c16c9388fe87221c23e4f0c84a9788df61aff347a00acb95343d9e08eb47038" and 146619191 bytes), there is nothing to be worried about, I think.
I did not compile the source code myself, but I trust the developer behind it and between July 11th and September 27th there has also not been any code change in the Crawler that could be related to this.
Also the zip file was scanned on virustotal a few days ago and none of their scanners seem to indicate a virus.

The bot as well as the CrawlerNG are running through an obfuscator that sometimes gets antivirus software confused because it is a technique also often used by malicious software.
We actually have a similar problem with the Console version of the bot at the moment, even though I recompiled it and lowered the settings.

What is new though is the new signature, I actually can't really explain that. But if you really wanna be sure (and I can always recommend not trusting anybody especially on the internet^^):
You can and should inspect network traffic and file activity on software you really don't trust. For network traffic you can use the free and open source Wireshark, for watching file system/registry activity, you can use a tool like Process Monitor.

Could you please show the exact message you got along with the file that caused it and the software you use?

Regards
Robin
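Checking a download against the file name, size and SHA-256 that Robin quotes above, as an added example that is not part of the original thread or the project's own code; the function names and the default path are assumptions. A match shows the file is the one the forum published, not that a scanner verdict on it is right or wrong.

```python
import hashlib
import os
import sys

# Values quoted in Robin's post above.
EXPECTED_NAME = "CrawlerNG_2020_09_27.zip"
EXPECTED_SHA256 = "3c16c9388fe87221c23e4f0c84a9788df61aff347a00acb95343d9e08eb47038"
EXPECTED_SIZE = 146619191  # bytes


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a ~146 MB archive is never held in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_sha256=EXPECTED_SHA256, expected_size=EXPECTED_SIZE):
    """Return (ok, reason). The size is checked first because it is cheap."""
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:
        return False, f"size mismatch: {actual_size} != {expected_size} bytes"
    actual = sha256_file(path)
    # Published checksums are often pasted with different case or stray whitespace.
    if actual != expected_sha256.strip().lower():
        return False, f"SHA-256 mismatch: {actual}"
    return True, "size and SHA-256 match the published values"


if __name__ == "__main__":
    # Hypothetical usage: pass the path of the downloaded zip as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else EXPECTED_NAME
    ok, reason = verify_download(target)
    print(f"{target}: {reason}")
    sys.exit(0 if ok else 1)
```
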
Oshino
Posts: 10
Joined: Tue 18 Aug 2020, 22:16
Has thanked: 4 times
Been thanked: 0

Re: CrawlerNG: Trojan Warning

Post by Oshino »

Hi Robin,

thanks for your quick response to my concerns!

I must admit that I have not yet fully regained confidence in the executable, but I know that obfuscated binaries will cause false positives for various virus scanners.

"Could you please show the exact message you got along with the file that caused it and the software you use?"

Sure! I'm using the antivirus software that is built into Windows 10, formerly "Windows Security Essentials". This is the original message, "Weitere Informationen" links to https://www.microsoft.com/en-us/wdsi/th ... 2147757793

[Attachment: message.PNG (38.64 KiB)]

I cannot provide the (crawlerNG) file as it was removed in the process.

Best,
Oshino